Linux Kernel AMD64 syscall() Validation Flaw Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1014303
|
|
SecurityTracker URL: http://securitytracker.com/id?1014303
|
|
CVE Reference: CAN-2005-1765
(Links to External Site)
|
Date: Jun 27 2005
|
Impact: Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.6
|
Description: A vulnerability was reported in the Linux kernel syscall() function, affecting AMD64-based systems. A local user can cause denial of service conditions.
A local user can invoke syscall() with specially crafted arguments to cause the kernel to hang.
This vulnerability only affects
the amd64 plaform and only when running in the 32 bit compatibility mode.
ZouNanHai discovered this vulnerability.
|
Impact: A local user can cause the kernel to hang.
|
Solution: The vendor has issued a fix.
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 27 Jun 2005 09:51:37 -0400
Subject: [none]
|
Ubuntu reported:
ZouNanHai discovered that a local user could hang the kernel by
invoking syscall() with specially crafted arguments. This only affects
the amd64 platform when running in the 32 bit compatibility mode.
(CAN-2005-1765)
|
|
