BID:25801

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

Info

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

Bugtraq ID:	25801
Class:	Design Error
CVE:	CVE-2007-3731
Remote:	No
Local:	Yes
Published:	Sep 25 2007 12:00AM
Updated:	Feb 29 2008 10:22PM
Credit:	Evan Teran discovered this issue.
Vulnerable:	Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 rPath rPath Linux 1 rPath Appliance Platform Linux Service 1 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .3 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 -git8 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 .1 Linux kernel 2.6.20 Linux kernel 2.6.20 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11 Linux kernel 2.6.20-rc2 Linux kernel 2.6.20-2 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha

Not Vulnerable:

Discussion

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability.

This issue occurs because of a NULL-pointer dereference in certain 'ptrace' operations.

A local attacker can exploit this issue to crash the affected kernel, denying service to legitimate users.

Exploit / POC

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

Solution:
Updates have been released to address this issue. Please see the references for more information.

References

Linux Kernel PTrace NULL Pointer Dereference Local Denial Of Service Vulnerability

References:

Bugzilla Bug 248324: CVE-2007-3731 NULL pointer dereference triggered by ptrace (Red Hat)
Handle bogus %cs selector in single-step instruction decoding (Linux)
i386: fixup TRACE_IRQ breakage (Linux)
RHSA-2007:0940-7 - kernel security update (Red Hat)