On Mon, 11 Jul 2005, Suresec Advisories wrote: > Suresec Security Advisory - #00004 > 10/07/05 > > Linux kernel ia32 compatibility race condition > Advisory: http://www.suresec.org/advisories/adv4.pdf <http://www.suresec.org/advisories/adv3.pdf> > > Description: > > A race condition vulnerability has been found in the ia32 compatibility > execve() systemcall. The race condition may lead to heap corruption. > > Risk: > > Exploitation of this vulnerability may results in panics, oopses or > in the worst case code exection at ring 0. > > Credit: > > The vulnerability was discovered by Ilja van Sprundel. FYI: While there is no official patch for 2.4 there is one form Andi Kleen in the HF kernel series: http://linux.exosec.net/kernel/2.4-hf/2.4.31/LATEST/CHANGELOG --- Changelog From 2.4.31 to 2.4.31-hf1 (semi-automated) --------------------------------------- '+' = added ; '-' = removed ... + 2.4.31-x86_64-ia64-32bit-execve-overflow-1 (Andi Kleen) [PATCH] Fix buffer overflow in x86-64/ia64 32bit execve Fix buffer overflow in x86-64/ia64 32bit execve. Originally noted by Ilja van Sprundel. I fixed it for both x86-64 and IA64. Other architectures are not affected. ---- The HF series presents hotfixes for kernels 2.4.[29-31]. See: http://linux.exosec.net/kernel/2.4-hf/ bye, ju -- Juergen Schmidt Chefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju@xxxxxxxxx GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970
