Petr Vandrovec found an exploitable root hole in all 2.4 x86-64 kernels that have 32-bit emulation enabled. The bug does not appear in 2.6 because some rewrites in the 2.5 timeframe fixed it as a side effect. This issue does not affect RHEL2.1.
Patch for this issue --- linux-2.4.28/arch/x86_64/ia32/ia32entry.S.orig 2004-08-08 01:26:04.000000000 +0200 +++ linux-2.4.28/arch/x86_64/ia32/ia32entry.S 2004-12-06 21:36:06.000000000 +0100 @@ -52,6 +52,7 @@ ENTRY(ia32_syscall) swapgs sti + mov %eax,%eax pushq %rax cld SAVE_ARGS
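Review bot: The added "mov %eax,%eax" in ia32_syscall has no comment, and it reads like a no-op that a later cleanup could delete. On x86-64 a 32-bit register move zero-extends into the full 64-bit register, so this line clears the upper 32 bits of %rax before "pushq %rax" saves it. A short comment on that line, for example "zero extend the 32-bit value in %eax before it is saved", would record why the instruction must stay. The hunk touches only the ia32_syscall entry, so it is worth confirming that any other 32-bit entry path in ia32entry.S that saves %rax does the same.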
Embargo moved by SUSE to Dec22nd 12GMT
A fix for this problem has just been committed to the RHEL3 E5 patch pool this evening (in kernel version 2.4.21-27.0.1.EL).
Embargo date and time reached; removing embargo.
A fix for this problem has also been committed to the RHEL3 U5 patch pool this evening (in kernel version 2.4.21-27.4.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-689.html