Bug 199691 (CVE-2007-5500) - Linux <2.6.23.8 wait_task_stopped() DoS (CVE-2007-5500)
Summary: Linux <2.6.23.8 wait_task_stopped() DoS (CVE-2007-5500)
Status: RESOLVED FIXED
Alias: CVE-2007-5500
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/27664/
Whiteboard: [linux < 2.6.23.8][genpatches < 2.6.2...
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-19 19:56 UTC by Aniruddha
Modified: 2013-09-12 04:56 UTC
CC: 5 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Aniruddha 2007-11-19 19:56:10 UTC
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).

1) An error within the "wait_task_stopped()" function can be exploited to cause a DoS by manipulating the state of a child process while the parent is waiting for the state to change (e.g. the parent is inside "wait()" or "waitpid()").

2) A NULL-pointer dereference error exists within the "tcp_sacktag_write_queue()" function when processing ACK packets. This can be exploited to crash an affected system via specially crafted ACK packets.

The vulnerabilities are reported in versions prior to 2.6.23.8.

Solution:
Update to version 2.6.23.8.

Provided and/or discovered by:
1) Roland McGrath
2) Ilpo Järvinen

Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8

Reproducible: Always
Comment 1 Bernd Marienfeldt 2007-11-27 12:21:06 UTC
Any update on this?
Comment 3 Bernd Marienfeldt 2007-11-30 09:49:24 UTC
(In reply to comment #1)
> Any update on this?
> 

Can someone confirm if the vulnerabilities are affecting the hardened kernel please?

Comment 4 kfm 2008-02-27 19:59:44 UTC
The 2.6.23.18 patch was folded into genpatches-2.6.23-3. Thus, hardened-sources-2.6.23-r2 was fixed as this was based upon that version of genpatches. Last time I checked, there are only 4 kernel ebuilds which are still based upon vulnerable versions of genpatches actually in portage:

gentoo-sources-2.6.23 [genpatches-2.6.23-1]
gentoo-sources-2.6.23-r1 [genpatches-2.6.23-2]
tuxonice-sources-2.6.23 [genpatches-2.6.23-1]
tuxonice-sources-2.6.23-r1 [genpatches-2.6.23-2]

These versions have since been superseded by newer revisions (which are not subject to this vulnerability), so this bug is effectively resolved and I am marking it as such.

Also removing hardened from the CC list as it is not a hardened issue.
Comment 5 kfm 2008-02-27 20:04:24 UTC
Actually, closing it is a little premature as there are still older kernel versions that are potentially affected. I'll add another post later, clarifying which ebuilds are affected.
Comment 6 svrmarty 2009-08-05 15:59:47 UTC
latest update from 2008

please close