QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2365

Published: Jun 30, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

linux-kernel-ptraceattach-dos(43567)

vdb-entry

x_refsource_XF

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f5b40e363ad6041a96e3da32281d8faa191597b9

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap

x_refsource_MISC

vdb-entry

x_refsource_BID

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=5ecfbae093f0c37311e89b29bfc0c9d586eace87

x_refsource_CONFIRM

[oss-security] 20080714 Re: CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SREASON

oval:org.mitre.oval:def:10749

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=449359

x_refsource_CONFIRM

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f358166a9405e4f1d8e50d8f415c26d95505b6de

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20080626 CVE-2008-2365 kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race -- affecting kernel versions <= 2.6.25

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

[linux-kernel] 20070508 Re: [PATCH -utrace] Move utrace into task_struct

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.