Bug 174076

Summary: [RHEL3] CVE-2005-3783 ptrace DoS
Product: Red Hat Enterprise Linux 3 Reporter: Mark J. Cox <mjc>
Component: kernelAssignee: Peter Staubach <staubach>
Status: CLOSED NOTABUG QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: 3.0CC: lwang, petrides
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: source=cve,reported=20051123,impact=important,public=20051109
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-05 16:51:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2005-11-24 10:40:43 UTC 
Although this issue is said to only affect 2.6, RHEL3 contained changes to
CLONE_THREAD bia nptl backport so this needs looking at by a kernel expert to
determine if RHEL3 needs this fix.  These are the only details we currently have:

+++ This bug was initially created as a clone of Bug #174075 +++

The ptrace functionality (ptrace.c) in Linux kernel 2.6 before
        2.6.14.2, using CLONE_THREAD, does not use the thread group ID
        to check whether it is attaching to itself, which allows local
        users to cause a denial of service (crash).

Upstream fix at
http://linux.bkbits.net:8080/linux-2.6/cset@437a051edjJd4hepRSim3RmOtpXX5w
Comment 2 Ernie Petrides 2006-01-05 20:34:18 UTC 
Mark, I think that we should declare RHEL3 as not vulnerable to
CVE-2005-3783, possible switching the resolution of this bug to
NOTABUG.  The only problem that PeterS encountered is the one
described in bug 170261, which is CVE-2005-3107.

Let us know what you think.
Comment 3 Ernie Petrides 2006-01-13 22:57:38 UTC 
Changing disposition to NOTABUG.