Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 2.1 product line. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 144365

Summary: CAN-2004-1074 a.out binfmt DoS
Product: Red Hat Enterprise Linux 2.1 Reporter: Josh Bressers <bressers>
Component: kernelAssignee: Jim Paradis <jparadis>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: 2.1CC: peterm, riel
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: ia64   
OS: Linux   
Whiteboard: public=20041111,impact=important
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-17 21:33:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2005-01-06 15:25:34 UTC 
*** This bug has been split off bug 144361 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.01.06
10:21 -------

From the lkml mailing list.
http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1222.html

It is possible that an improperly formed a.out binary can cause a
kernel-oops, which if executed in a loop will ead fd's and memory.
It seems that you have to turn on memory overcommit on for this to
work.

davej says we didn't enable a.out binaries on FC3 and RHEL4.  This
will be undone in the future though.

We do not turn on memory overcommit by default in RHEL2.1 or 3.
This should make the impact of this issue significantly mitigated
since it seems the issue is only exploitable when overcommit
is on (sysctl -w vm.overcommit_memory=1).  However note that
we do tell customers how to turn this on.

fixed=2.6.10 (20041116 cset@419aaba8xdR0decwoMnVpt3G8_f8kQ)
not fixed for 2.4 (as at Nov24)

Patch: http://www.ussg.iu.edu/hypermail/linux/kernel/0411.1/1290.html
Comment 1 Jim Paradis 2005-01-17 21:33:58 UTC 
This is the same issue as Bug 144785, and the fix has been committed to
RHEL2.1-U7 in kernel version 2.4.18-e.53


*** This bug has been marked as a duplicate of 144785 ***