Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2365

Overview

Vulnerability Score 4.7 4.7
CVE Id CVE-2008-2365
Last Modified 19 Mar 2012 12:00:00
Published 30 Jun 2008 05:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2365

Summary

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.11.11

  • Linux Kernel 2.6.11.12

  • Linux Kernel 2.6.11.4

  • Linux Kernel 2.6.11.5

  • Linux Kernel 2.6.11.6

  • Linux Kernel 2.6.11.7

  • Linux Kernel 2.6.11.8

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.12.1

  • Linux Kernel 2.6.12.12

  • Linux Kernel 2.6.12.2

  • Linux Kernel 2.6.12.22

  • Linux Kernel 2.6.12.3

  • Linux Kernel 2.6.12.4

  • Linux Kernel 2.6.12.5

  • Linux Kernel 2.6.12.6

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.13.1

  • Linux Kernel 2.6.13.2

  • Linux Kernel 2.6.13.3

  • Linux Kernel 2.6.13.4

  • Linux Kernel 2.6.14

  • Linux Kernel 2.6.14.1

  • Linux Kernel 2.6.14.2

  • Linux Kernel 2.6.14.3

  • Linux Kernel 2.6.14.4

  • Linux Kernel 2.6.14.5

  • Linux Kernel 2.6.15

  • Linux Kernel 2.6.15.1

  • Linux Kernel 2.6.15.11

  • Linux Kernel 2.6.15.2

  • Linux Kernel 2.6.15.3

  • Linux Kernel 2.6.15.4

  • Linux Kernel 2.6.16

  • Linux Kernel 2.6.16.1

  • Linux Kernel 2.6.16.11

  • Linux Kernel 2.6.16.12

  • Linux Kernel 2.6.16.13

  • Linux Kernel 2.6.16.19

  • Linux Kernel 2.6.16.23

  • Linux Kernel 2.6.16.27

  • Linux Kernel 2.6.16.7

  • Linux Kernel 2.6.16.9

  • Linux Kernel 2.6.17

  • Linux Kernel 2.6.17.1

  • Linux Kernel 2.6.17.10

  • Linux Kernel 2.6.17.11

  • Linux Kernel 2.6.17.12

  • Linux Kernel 2.6.17.13

  • Linux Kernel 2.6.17.14

  • Linux Kernel 2.6.17.2

  • Linux Kernel 2.6.17.3

  • Linux Kernel 2.6.17.5

  • Linux Kernel 2.6.17.6

  • Linux Kernel 2.6.17.7

  • Linux Kernel 2.6.17.8

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.18.1

  • Linux Kernel 2.6.18.3

  • Linux Kernel 2.6.18.4

  • Linux Kernel 2.6.19

  • Linux Kernel 2.6.19.0

  • Linux Kernel 2.6.19.1

  • Linux Kernel 2.6.19.2

  • Linux Kernel 2.6.20

  • Linux Kernel 2.6.20.1

  • Linux Kernel 2.6.20.11

  • Linux Kernel 2.6.20.13

  • Linux Kernel 2.6.20.15

  • Linux Kernel 2.6.20.2

  • Linux Kernel 2.6.20.3

  • Linux Kernel 2.6.20.4

  • Linux Kernel 2.6.20.5

  • Linux Kernel 2.6.20.8

  • Linux Kernel 2.6.20.9

  • Linux Kernel 2.6.21

  • Linux Kernel 2.6.21.1

  • Linux Kernel 2.6.21.2

  • Linux Kernel 2.6.21.4

  • Linux Kernel 2.6.21.6

  • Linux Kernel 2.6.21.7

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22.1

  • Linux Kernel 2.6.22.11

  • Linux Kernel 2.6.22.12

  • Linux Kernel 2.6.22.13

  • Linux Kernel 2.6.22.14

  • Linux Kernel 2.6.22.15

  • Linux Kernel 2.6.22.16

  • Linux Kernel 2.6.22.17

  • Linux Kernel 2.6.22.3

  • Linux Kernel 2.6.22.4

  • Linux Kernel 2.6.22.5

  • Linux Kernel 2.6.22.6

  • Linux Kernel 2.6.22.7

  • Linux Kernel 2.6.22.8

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23 Rc1

  • Linux Kernel 2.6.23.1

  • Linux Kernel 2.6.23.10

  • Linux Kernel 2.6.23.14

  • Linux Kernel 2.6.23.2

  • Linux Kernel 2.6.23.3

  • Linux Kernel 2.6.23.4

  • Linux Kernel 2.6.23.5

  • Linux Kernel 2.6.23.6

  • Linux Kernel 2.6.23.7

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.24 Rc4

  • Linux Kernel 2.6.24 Rc5

  • Linux Kernel 2.6.24.1

  • Linux Kernel 2.6.24.2

  • Linux Kernel 2.6.24.6

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4

  • Linux Kernel 2.6.25.5

  • Linux Kernel 2.6.9

  • Redhat Enterprise Linux 4.0

  • Redhat Enterprise Linux Desktop 4.0


References

MLIST - [oss-security] 20080626 CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25

REDHAT - RHSA-2008:0508

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f5b40e363ad6041a96e3da32281d8faa191597b9

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f358166a9405e4f1d8e50d8f415c26d95505b6de

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=5ecfbae093f0c37311e89b29bfc0c9d586eace87

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=449359

XF - linux-kernel-ptraceattach-dos(43567)

UBUNTU - USN-625-1

SECTRACK - 1020362

BID - 29945

MLIST - [oss-security] 20080714 Re: CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25

MISC - http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap

SREASON - 3965

SECUNIA - 31107

SECUNIA - 30850

MLIST - [linux-kernel] 20070508 Re: [PATCH -utrace] Move utrace into task_struct


Last Updated: 27 May 2016 10:57:30