CVE-2008-1615 in Ubuntu

CVE-2008-1615

Priority

Description

Linux kernel 2.6.18, and possibly other versions, when running on AMD64
architectures, allows local users to cause a denial of service (crash) via
certain ptrace calls.

Ubuntu-Description

Jan Kratochvil discovered that PTRACE did not correctly handle certain
calls when running under 64bit kernels. A local attacker could exploit
this to crash the system, leading to a denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
https://usn.ubuntu.com/usn/usn-625-1

Notes

kees	reproducer mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=431430 this is _only_ the CS corruption, so we can ignore the upstream fix

Package

Source: linux (LP Ubuntu Debian)

Upstream:

released (2.6.25~rc1)

Patches:

Diff:	http://marc.info/?l=linux-kernel&m=120219781932243
Upstream:	a57dae3aa4d00a000b5bac4238025438204c78b2 (with more in 3701d863?)

Package

Source: linux-source-2.6.15 (LP Ubuntu Debian)

Upstream:

released (2.6.25~rc1)

Package

Source: linux-source-2.6.20 (LP Ubuntu Debian)

Upstream:

released (2.6.25~rc1)

Package

Source: linux-source-2.6.22 (LP Ubuntu Debian)

Upstream:

released (2.6.25~rc1)

Patches:

Vendor:

http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-cs-corruption.patch?op=file&rev=0&sc=0

More Information

Updated: 2020-03-18 21:58:05 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)