Bug 487255 (CVE-2009-0835)
Summary: | CVE-2009-0835 kernel: x86-64: seccomp: 32/64 syscall hole |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Status: | CLOSED ERRATA |
Severity: | high |
Priority: | high |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
Reporter: | Eugene Teo (Security Response) <eteo> |
Assignee: | Red Hat Product Security <security-response-team> |
CC: | cebbert, davej, lgoncalv, lwang, roland, security-response-team, vdanen, williams |
Keywords: | Security |
Doc Type: | Bug Fix |
Clone Of: | |
: | 487741 |
Last Closed: | 2010-04-09 03:28:50 UTC |
Bug Blocks: | 487741 |

Description
Eugene Teo (Security Response)
2009-02-25 03:25:59 UTC
Programs affected: Fortunately, pretty much no-one uses seccomp.
Severity: Syscall policy violation.

This is a specific follow-on from CESA-2009-001 which noted a generic Linux issue with syscall filtering. The Linux kernel actually has a built-in syscall filtering technology called "seccomp". It permits a process to restrict itself to an extremely restricted set of syscalls -- read(), write(), exit(), sigreturn(). That's very powerful if not quite generic enough for wide use. Check out prctl(PR_SET_SECCOMP, ...).

The confusion with 32-bit vs. 64-bit syscall numbers applies in this context too. The impact is very limited because of the limited number of syscalls which can abuse this mix up.

[...]

http://scary.beasts.org/security/CESA-2009-004.html

Proposed patches for upstream kernel:
http://lkml.org/lkml/2009/2/27/451 summary
http://lkml.org/lkml/2009/2/27/453 seccomp
http://lkml.org/lkml/2009/2/28/23 seccomp follow-ups

rhel-5 did not set CONFIG_SECCOMP.

CVSS2 score of low, 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:N)

This issue has been addressed in following products:
MRG for RHEL-5
Via RHSA-2009:0451 https://rhn.redhat.com/errata/RHSA-2009-0451.html
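
The strict-mode restriction described in the report, as an added example that is not part of the bug report, the advisory or the linked patches: a child process enters seccomp via prctl(PR_SET_SECCOMP, ...) and the parent observes how it ends. The enum and function names are hypothetical, and the sketch assumes a Linux kernel built with CONFIG_SECCOMP and a process not already running under a seccomp filter (in that case the prctl() call fails and the example reports it).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/seccomp.h>

/* Hypothetical names used only by this example. */
enum outcome { EXITED_CLEANLY, KILLED_BY_SECCOMP, SECCOMP_UNAVAILABLE, OTHER };

/* Fork a child, put it into strict seccomp and report how it ended.
 * With call_forbidden set, the child issues getpid(), which is outside
 * the read/write/exit/sigreturn set, so the kernel kills it. */
enum outcome run_strict_child(int call_forbidden)
{
    pid_t pid = fork();
    if (pid < 0)
        return OTHER;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(2);                 /* seccomp absent or a filter is already active */
        static const char msg[] = "write() is still permitted\n";
        ssize_t w = write(STDERR_FILENO, msg, sizeof msg - 1);
        (void)w;
        if (call_forbidden)
            syscall(SYS_getpid);      /* not on the list: SIGKILL */
        syscall(SYS_exit, 0);         /* raw exit(); libc's exit_group() is not on the list */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED_BY_SECCOMP;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return SECCOMP_UNAVAILABLE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return EXITED_CLEANLY;
    return OTHER;
}

int main(void)
{
    printf("permitted calls only: outcome %d\n", run_strict_child(0));
    printf("with getpid():        outcome %d\n", run_strict_child(1));
    return 0;
}
```

The kernel decides by syscall number, which is why the check has to use the number table of the ABI the call actually came in through.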