
Vigil@nce: Linux kernel, denial of service on x86_64

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

On an x86_64 processor, a local attacker can use a malicious ELF program to stop the system.

Severity: 1/4

Consequences: denial of service of computer

Provenance: user shell

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 01/02/2010

IMPACTED PRODUCTS

- Linux kernel

DESCRIPTION OF THE VULNERABILITY

System calls (select(), poll(), etc.) and memory layout differ between systems. For example, a program designed to use the Solaris select() may not work with the Linux select() because of minor differences in behavior.

Personalities (or execution domains) indicate how the kernel has to behave:

- PER_LINUX: normal mode for Linux
- PER_SOLARIS: emulate the Solaris kernel
- PER_IRIX32: emulate the IRIX kernel
- etc.
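
As an added illustration (not part of the Vigil@nce bulletin), the following C program reads the calling process's personality and splits it into the execution domain and the flag bits, using the constants from glibc's <sys/personality.h>. The helper names domain_name, persona_flags and current_persona are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>

/* The low byte (PER_MASK) of the persona word selects the execution domain. */
const char *domain_name(unsigned long persona)
{
    switch (persona & PER_MASK) {
    case PER_LINUX & PER_MASK:   return "PER_LINUX";
    case PER_LINUX32 & PER_MASK: return "PER_LINUX32";
    case PER_IRIX32 & PER_MASK:  return "PER_IRIX32";
    case PER_SOLARIS & PER_MASK: return "PER_SOLARIS";
    default:                     return "other";
    }
}

/* Everything above PER_MASK is a set of behaviour flags, not a domain. */
unsigned long persona_flags(unsigned long persona)
{
    return persona & ~(unsigned long)PER_MASK;
}

/* personality(0xffffffff) reports the current value without changing it. */
long current_persona(void)
{
    return personality(0xffffffffUL);
}

int main(void)
{
    long p = current_persona();
    if (p < 0) {
        perror("personality");
        return 1;
    }
    printf("persona=0x%08lx domain=%s flags=0x%08lx\n",
           (unsigned long)p, domain_name((unsigned long)p),
           persona_flags((unsigned long)p));
    if (strcmp(domain_name((unsigned long)p), "PER_LINUX") != 0)
        puts("note: process is not in the default PER_LINUX domain");
    return 0;
}
```
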

On an x86_64 processor, an attacker can start a 32-bit application that calls execve() on a 64-bit program, and this execve() fails. However, the SET_PERSONALITY() macro has already been called during the execve(). The program thus obtains a 64-bit personality although it is still a 32-bit program, which corrupts its state and stops the kernel.

On an x86_64 processor, a local attacker can therefore use a malicious ELF program to stop the system.

CHARACTERISTICS

Identifiers: BID-38027, CVE-2010-0307, VIGILANCE-VUL-9395

http://vigilance.fr/vulnerability/L...



