Chris wright reported a problem with the topdown allocator. This issue is believed to allow a crash, but not result in gaining privileges (most likely due to the BUG() cases added to 2.6 after a previous exploit). We didn't check RHEL4 specifically to determine if this issue affect our shipped version. More details see http://marc.theaimsgroup.com/?l=bk-commits-head&m=111651913006107 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=07ab67c8d0d7c1021343b7d5c045033d6bf7be69
I just submitted a patch.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html