SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Next Generation POSIX Threading (NGPT) Vendors:   NGPT Team
Next Generation POSIX Threading (NGPT) Shared Memory Implementation May Allow Local Users to Deny Service on the System
SecurityTracker Alert ID:  1004430
SecurityTracker URL:  http://securitytracker.com/id/1004430
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 1 2002
Impact:   Denial of service via local system, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.9.0
Description:   A vulnerability was reported in the Next Generation POSIX Threading (NGPT) software for Linux. A local user may be able to cause denial of service conditions for threaded processes.

It is reported that NGPT version 1.9.0 uses a filesystem entry for the shared memory rendevous point. A local user could possibly deny service to threaded processes or perform file spoofing.

No further details were provided.

Impact:   A local user could deny service to the system or perform file spoofing attacks.
Solution:   The vendor has released a fixed version (1.9.1), available at:

http://oss.software.ibm.com/developerworks/opensource/pthreads/index2.html

The new release now uses the POSIX shared memory operations shm_open() and shm_unlink().

Vendor URL:  oss.software.ibm.com/developerworks/opensource/pthreads/index.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents

Subject:  Next Generation POSIX Threading 1.9.1


  Next Generation POSIX Threading 1.9.1 (Development)
  by Bill Abt (http://freshmeat.net/users/billa/)
  Friday, May 24th 2002 14:34

Software Development :: Libraries System :: Operating System System ::
Operating System Kernels :: Linux

About: Next Generation POSIX Threading (NGPT) is a project which
introduces an M:N threading model to the Linux system. This model will
provide better performance for multi-threaded applications that utilize
the POSIX pthreads library functionality. This will be particularly true
on SMP machines. The goal of this project is to make threading on Linux
more robust, more POSIX-compliant, and more in line with the services
provided by commerical Unix operating systems.  

Changes: This release fixes a major security hole and we've stabilized
the code. The security problem arose from the fact that NGPT was using a
filesystem-based shared memory file. This could have led to DoS and
"spoofing" attacks on a system with NGPT installed. It now uses the
POSIX shared memory operations shm_open() and shm_unlink().

License: GNU Lesser General Public License (LGPL)

URL: http://freshmeat.net/projects/ngpt/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC