Bug 134981
| Field | Value |
|---|---|
| Summary | CAN-2004-0138 Program crashes the kernel |
| Product | Red Hat Enterprise Linux 3 |
| Component | kernel |
| Version | 3.0 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Keywords | Security |
| Whiteboard | impact=important |
| Doc Type | Bug Fix |
| Reporter | Bastien Nocera <bnocera> |
| Assignee | Jim Paradis <jparadis> |
| QA Contact | Brian Brock <bbrock> |
| CC | mjc, peterm, petrides, riel, security-response-team, tao, uthomas |
| Last Closed | 2004-12-02 11:36:38 UTC |

Description
Bastien Nocera
2004-10-07 17:31:24 UTC
Under U2:

# ./crash.out
Unable to load interpreter
request_moduloe[binfmt-464c]: wiatpid(2727,...) failed, errno 512
memory.c:553: bad pgd 000001011a22d000(706d617473656d69)

However, it only hangs crash.out there, not the system.

urk... the problem is that the main binary is a 64-bit image, but it links to a 32-bit loader and shared library (probably because it's looking for things in /lib rather than in /lib64). I don't know HOW it manages to smash these different flavors together into one image, but it does. That's why we're going nuts in "load_elf**32**_binary()" even though it's a 64-bit main image.

RHEL4 manages to correctly reject this mongrel binary, and it shouldn't be hard to add similar checks to RHEL3.

Created attachment 105318
Patch that fixes this bug
I lifted this patch from 2.6; it's an extra sanity check in load_elf_binary()
to ensure that the ELF interpreter is of an arch compatible with the main
program. I tested it and it fixes the problem. Now when you attempt to run
the test program you get the message:
-bash: ./crash.out: Accessing a corrupted shared library
A fix for this problem has just been committed to the RHEL3 U4 patch pool this evening (in kernel version 2.4.21-25.EL).

*** Bug 127915 has been marked as a duplicate of this bug. ***

The fix for this problem has also been committed to the RHEL3 E4 patch pool this evening (in kernel version 2.4.21-20.0.1.EL).

The correct CVE name for this issue is CVE-2004-0138.
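
The compatibility check described in the patch comment above, sketched in user space as an added example; it is not part of the original bug report and is not the kernel patch. The function names and the constructed 20-byte sample headers are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* ELF identification offsets and values, as defined by the ELF specification. */
enum { EI_CLASS = 4, EI_DATA = 5, ELFCLASS32 = 1, ELFCLASS64 = 2,
       ELFDATA2LSB = 1, ELFDATA2MSB = 2, EM_386 = 3, EM_X86_64 = 62 };

struct elf_arch { int cls, data, machine; };

/* Parse class, byte order and e_machine from the start of an ELF header.
 * Returns 0 on success, -1 if the buffer is not a plausible ELF header. */
int elf_arch_parse(const unsigned char *h, size_t len, struct elf_arch *out)
{
    if (len < 20 || memcmp(h, "\177ELF", 4) != 0)
        return -1;
    out->cls = h[EI_CLASS];
    out->data = h[EI_DATA];
    if ((out->cls != ELFCLASS32 && out->cls != ELFCLASS64) ||
        (out->data != ELFDATA2LSB && out->data != ELFDATA2MSB))
        return -1;
    /* e_machine is a 16-bit field at offset 18 in both ELF32 and ELF64. */
    out->machine = out->data == ELFDATA2LSB ? h[18] | (h[19] << 8)
                                            : (h[18] << 8) | h[19];
    return 0;
}

/* Returns 1 if the interpreter has the same class, byte order and machine
 * as the main program; 0 if either header is invalid or they differ. */
int interp_matches_main(const unsigned char *main_h, size_t main_len,
                        const unsigned char *interp_h, size_t interp_len)
{
    struct elf_arch m, i;
    if (elf_arch_parse(main_h, main_len, &m) ||
        elf_arch_parse(interp_h, interp_len, &i))
        return 0;
    return m.cls == i.cls && m.data == i.data && m.machine == i.machine;
}

/* Constructed sample headers (first 20 bytes only, not taken from the bug):
 * a 64-bit x86_64 executable, a 32-bit i386 loader and an x86_64 loader. */
const unsigned char MAIN_X86_64[20] =
    { 0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 62,0 };
const unsigned char LOADER_I386[20] =
    { 0x7f,'E','L','F', 1,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 3,0 };
const unsigned char LOADER_X86_64[20] =
    { 0x7f,'E','L','F', 2,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 62,0 };
```

A loader that fails this comparison is the mixed 64-bit/32-bit case the report describes, and the image should be rejected before any of it is mapped.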