Bugzilla – Bug 139565
VUL-0: CVE-2005-2553: kernel: AMD64: crash when ptracing a 64bit program with a 32bit strace/ltrace
Last modified: 2019-05-07 09:45:02 UTC
CVE-2005-2553 The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program. http://lkml.org/lkml/2005/1/5/245 http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
patch looks simple enough, only SLES 8 affected.
Committed.
for tracking
updates + advisory released.
Patch: patches.common/ltrace-32bit-on-64bit-executable-fix present and released in: SLES8 kernel update 2.4.21-314 dated Nov 02, 2006 & released Nov 08, 2006. (check of presence in prior updates omitted here). Adding Whiteboard Status "released:" for SLES-8
CVE-2005-2553: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)