CVE-2008-1615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1615): Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
See https://bugzilla.redhat.com/show_bug.cgi?id=431430
Created attachment 152509: linux-2.6.9-fix-unprivileged-crash-on-x86_64-cs-corruption.patch. Extracted from kernel-2.6.9-67.0.15.EL.src.rpm
Other kernels are affected. Looks like 2.6.4->2.6.24. More info:
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/434570
http://security-tracker.debian.net/tracker/CVE-2008-1615
> http://article.gmane.org/gmane.linux.debian.devel.bugs.general/434570
Sorry, better link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480390
Not sure how to fix this in 2.6.24. The patch linked here is for older kernels only, and I can't find any explanation of how this was fixed in 2.6.25.
The patch can be ported to 2.6.24 quite easily (as Gordon has done), but it doesn't match what has been done upstream. I think the upstream fix is this one:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=a31f8dd7ee3b2f5645c220406b1e21f82971f32b
It applies cleanly to 2.6.24. If someone wants to confirm that it makes the bug go away, I'll put it in genpatches.
Actually, that's not it; I'm back to being not sure how upstream fixed it.