Wind River Support Network

HomeOther DownloadsSecurity Advisory - Linux Kernel - CVE-2008-2365
Recommended Type: Patch

Security Advisory - Linux Kernel - CVE-2008-2365

Released: Jul 16, 2008     Updated: Jul 16, 2008

Description

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514.

http://checklists.nist.gov/nvd.cfm?cvename=CVE-2008-2365 IDENTIFIER = WIND00127032


Product Version

Linux Platforms 2.0, Linux Platforms 1.x

Downloads


Installation Notes

Installation Notes

WIND00127037.zip for 1.4
WIND00127039.zip for 1.5

1. Unzip the patch under [install_dir]/updates

2. Install the patch CD by entering the patch CD directory and run setup_linux.

3. This is a source only patch so you will have to build the kernel

4. Issue a make fs and make the kernel in a configured directory.

5. Upload the kernel and rootfs into the target and boot it up.


Live chat
Online