Bug 199691 (CVE-2007-5500) - Linux < wait_task_stopped() DoS (CVE-2007-5500)
Summary: Linux < wait_task_stopped() DoS (CVE-2007-5500)
Alias: CVE-2007-5500
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: [linux <][genpatches < 2.6.2...
Depends on:
Reported: 2007-11-19 19:56 UTC by Aniruddha
Modified: 2013-09-12 04:56 UTC
CC List: 5 users

See Also:
Package list:
Runtime testing required: ---


Description Aniruddha 2007-11-19 19:56:10 UTC
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).

1) An error within the "wait_task_stopped()" function can be exploited to cause a DoS by manipulating the state of a child process while the parent is waiting for the state to change (e.g. the parent is inside "wait()" or "waitpid()").

2) A NULL-pointer dereference error exists within the "tcp_sacktag_write_queue()" function when processing ACK packets. This can be exploited to crash an affected system via specially crafted ACK packets.

The vulnerabilities are reported in versions prior to

Update to version

Provided and/or discovered by:
1) Roland McGrath
2) Ilpo Järvinen

Original Advisory:

Reproducible: Always
Comment 1 Bernd Marienfeldt 2007-11-27 12:21:06 UTC
Any update on this ?
Comment 3 Bernd Marienfeldt 2007-11-30 09:49:24 UTC
(In reply to comment #1)
> Any update on this ?

Can someone confirm if the vulnerabilities are affecting the hardened kernel, please?

Comment 4 kfm 2008-02-27 19:59:44 UTC
The patch was folded into genpatches-2.6.23-3. Thus, hardened-sources-2.6.23-r2 was fixed, as this was based upon that version of genpatches. Last time I checked, there are only 4 kernel ebuilds actually in portage which are still based upon vulnerable versions of genpatches:

gentoo-sources-2.6.23 [genpatches-2.6.23-1]
gentoo-sources-2.6.23-r1 [genpatches-2.6.23-2]
tuxonice-sources-2.6.23 [genpatches-2.6.23-1]
tuxonice-sources-2.6.23-r1 [genpatches-2.6.23-2]

These versions have since been superseded by newer revisions (which are not subject to this vulnerability), so this bug is effectively resolved and I am marking it as such.

Also removing hardened from the CC list as it is not a hardened issue.
Comment 5 kfm 2008-02-27 20:04:24 UTC
Actually, closing it is a little premature as there are still older kernel versions that are potentially affected. I'll add another post later, clarifying which ebuilds are affected.
Comment 6 svrmarty 2009-08-05 15:59:47 UTC
latest update from 2008

please close