
Vigil@nce: Linux kernel, denial of service on x86_64

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

On an x86_64 processor, a local attacker can use a malicious ELF
program to stop the system.

Severity: 1/4

Consequences: denial of service of computer

Provenance: user shell

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 01/02/2010

IMPACTED PRODUCTS

 Linux kernel

DESCRIPTION OF THE VULNERABILITY

System calls (select(), poll(), etc.) and memory layout differ
between systems. For example, a program designed to use the
Solaris select() may not work with the Linux select() because of
minor behavior changes.

Personalities (or execution domains) indicate how the kernel has
to behave:

 PER_LINUX: normal mode for Linux
 PER_SOLARIS: emulate the Solaris kernel
 PER_IRIX32: emulate the IRIX kernel
 etc.

On an x86_64 processor, an attacker can start a 32 bit application,
which calls a 64 bit program via execve(), and the call fails.
However, the SET_PERSONALITY() macro was already called during the
execve(). The process thus obtained a 64 bit personality, whereas
it is still a 32 bit program, which corrupts its state, and stops
the kernel.

On an x86_64 processor, a local attacker can therefore use a
malicious ELF program to stop the system.
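
The ordering problem described above, as an added example that is not part of the original advisory and is not kernel code: a simplified user-space model in which every name (struct task, exec_early_switch, exec_late_switch, load_new_image) is hypothetical. Committing the personality only after the last step that can fail is this example's assumption about how to keep the state consistent.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code: all names are hypothetical. */
enum abi { ABI_32 = 32, ABI_64 = 64 };

struct task {
    enum abi image;        /* ABI of the code actually mapped in the process */
    enum abi personality;  /* ABI the kernel believes the process uses */
};

/* Stand-in for a late execve() step that can still fail; the outcome is injected. */
static bool load_new_image(bool load_ok) { return load_ok; }

/* Ordering described in the advisory: the personality is switched before
 * the load is known to succeed. A failed execve() returns to the old image. */
int exec_early_switch(struct task *t, enum abi target, bool load_ok)
{
    t->personality = target;          /* SET_PERSONALITY()-like step */
    if (!load_new_image(load_ok))
        return -1;                    /* old 32 bit image keeps running */
    t->image = target;
    return 0;
}

/* Assumed safer ordering: commit the personality only after the last
 * step that can fail, so an error leaves the task untouched. */
int exec_late_switch(struct task *t, enum abi target, bool load_ok)
{
    if (!load_new_image(load_ok))
        return -1;
    t->image = target;
    t->personality = target;
    return 0;
}

/* Invariant the model checks: the personality matches the mapped image. */
bool task_consistent(const struct task *t) { return t->image == t->personality; }

int main(void)
{
    struct task a = { ABI_32, ABI_32 }, b = { ABI_32, ABI_32 };
    exec_early_switch(&a, ABI_64, false);   /* failed exec, early switch */
    exec_late_switch(&b, ABI_64, false);    /* failed exec, late switch */
    printf("early switch consistent after failed exec: %d\n", task_consistent(&a));
    printf("late switch consistent after failed exec:  %d\n", task_consistent(&b));
    return 0;
}
```
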

CHARACTERISTICS

Identifiers: BID-38027, CVE-2010-0307, VIGILANCE-VUL-9395

http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-on-x86-64-9395

