Bug 132731 (CVE-2005-3107)

Summary: VUL-0: CVE-2005-3107: kernel: local dos related to ptrace and core dumping
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Gerd Hoffmann <kraxel>
Status: RESOLVED WONTFIX
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVE-2005-3107: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2005-11-08 15:54:55 UTC
CVE-2005-3107

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.

http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc1/2.6.11-rc1-mm1/broken-out/fix-coredump_wait-deadlock-with-ptracer-tracee-on-shared-mm.patch

http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.155?nav=index.html|src/|src/fs|hist/fs/exec.c
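The condition described above (a tracee stopped in TASK_TRACED whose tracer shares its memory map) can be looked for from userspace as a triage heuristic. The following is an added example written for this page, not code from the bug report or from the kernel patch. It assumes the standard Linux /proc/<pid>/task/<tid>/status fields State, Tgid and TracerPid, and it treats "tracer in the same thread group" as a proxy for "shares the same mm" (the common case; a CLONE_VM clone outside the thread group would not be caught). The sample status files are constructed for offline use.

```python
"""Heuristic triage check for the ptrace/core-dump deadlock pattern in
CVE-2005-3107: flag tasks in tracing stop whose tracer is a thread of the
same process (same Tgid), i.e. the tracer and tracee share one memory map.
Added example for this page; not part of the bug report or the kernel fix.
"""
import os
from typing import Dict, List, Tuple

StatusMap = Dict[int, Dict[str, str]]  # tid -> parsed status fields


def parse_status(text: str) -> Dict[str, str]:
    """Parse the 'Key:\\tvalue' lines of a /proc/<pid>/task/<tid>/status file."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def state_code(fields: Dict[str, str]) -> str:
    """Reduce 'State:\\tt (tracing stop)' to its one-letter code ('t')."""
    return fields.get("State", "").split(" ", 1)[0]


def suspicious_pairs(statuses: StatusMap) -> List[Tuple[int, int]]:
    """Return (tracee_tid, tracer_tid) pairs where the tracee is in tracing
    stop and its tracer belongs to the same thread group (shared mm).
    Such a pair is the precondition for the coredump_wait deadlock: if the
    tracer now forces a core dump, it waits for a tracee that can only be
    resumed by the tracer itself."""
    pairs: List[Tuple[int, int]] = []
    for tid, fields in sorted(statuses.items()):
        if state_code(fields) != "t":
            continue
        tracer = int(fields.get("TracerPid", "0") or 0)
        if tracer == 0 or tracer not in statuses:
            continue
        if fields.get("Tgid") == statuses[tracer].get("Tgid"):
            pairs.append((tid, tracer))
    return pairs


def scan_proc(root: str = "/proc") -> StatusMap:
    """Collect status files for every thread on a live system (read-only)."""
    statuses: StatusMap = {}
    for pid in os.listdir(root):
        if not pid.isdigit():
            continue
        task_dir = os.path.join(root, pid, "task")
        try:
            tids = os.listdir(task_dir)
        except OSError:
            continue  # task exited or not readable
        for tid in tids:
            try:
                with open(os.path.join(task_dir, tid, "status")) as fh:
                    statuses[int(tid)] = parse_status(fh.read())
            except OSError:
                continue
    return statuses


# Constructed sample: threads 1001/1002 are one process (Tgid 1000) and 1002
# traces 1001, which is in tracing stop -> matches the deadlock precondition.
# Process 2001 is stopped under an external debugger (3000) -> benign.
SAMPLE_STATUS = {
    1001: "Name:\tworker\nState:\tt (tracing stop)\nTgid:\t1000\nPid:\t1001\nTracerPid:\t1002\n",
    1002: "Name:\tworker\nState:\tS (sleeping)\nTgid:\t1000\nPid:\t1002\nTracerPid:\t0\n",
    2001: "Name:\tapp\nState:\tt (tracing stop)\nTgid:\t2001\nPid:\t2001\nTracerPid:\t3000\n",
    3000: "Name:\tgdb\nState:\tS (sleeping)\nTgid:\t3000\nPid:\t3000\nTracerPid:\t0\n",
}


def check_sample() -> List[Tuple[int, int]]:
    """Run the heuristic over the constructed sample; returns [(1001, 1002)]."""
    return suspicious_pairs({tid: parse_status(t) for tid, t in SAMPLE_STATUS.items()})


if __name__ == "__main__":
    print("sample:", check_sample())
    live = scan_proc()
    print("live system:", suspicious_pairs(live) or "no same-thread-group tracing stops")
```

On an affected kernel a task already caught in the deadlock shows up as the tracee stuck in state 't' alongside a tracer that no longer responds to signals, which is the "unkillable" symptom discussed in the comments; the check above only reports the structural pairing and does not attempt to resolve it.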
Comment 1 Olaf Kirch 2005-11-09 13:04:05 UTC
Chris, this is in your team.

Marcus, exactly what is the DoS condition here?
Comment 2 Marcus Meissner 2005-11-09 13:25:55 UTC
I am not fully clear what the "deadlock" means, if just the task deadlocks or the whole machine.

If it is the latter, it is of course a DoS.

A hanging around process is not nice and should be avoided, but this is not as necessary to fix in older products.
Comment 3 Chris L Mason 2005-11-14 05:20:39 UTC
Gerd, please review and backport these patches as appropriate.
Comment 4 Gerd Hoffmann 2005-11-14 10:02:15 UTC
It's just the task which deadlocks and becomes unkillable due to that.  The machine continues to run.

This fix made it into 2.6.11 mainline, so it affects 9.1, 9.2 and sles9, right?
So this is a WONTFIX according to comment #2?
Comment 5 Marcus Meissner 2005-11-14 10:19:34 UTC
Since an evil user can only shoot himself in the foot, the impact is low (one could invent scenarios where a non-killable user process might be problematic, but I consider them very minor until proven otherwise).

Since it is fixed upstream, let's close this.
Comment 6 Thomas Biege 2009-10-13 21:48:31 UTC
CVE-2005-3107: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)