Bug 174076 - [RHEL3] CVE-2005-3783 ptrace DoS
Summary: [RHEL3] CVE-2005-3783 ptrace DoS
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Peter Staubach
QA Contact: Brian Brock
URL:
Whiteboard: source=cve,reported=20051123,impact=i...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-11-24 10:40 UTC by Mark J. Cox
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-01-05 16:51:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Mark J. Cox 2005-11-24 10:40:43 UTC 
Although this issue is said to only affect 2.6, RHEL3 contained changes to
CLONE_THREAD bia nptl backport so this needs looking at by a kernel expert to
determine if RHEL3 needs this fix.  These are the only details we currently have:

+++ This bug was initially created as a clone of Bug #174075 +++

The ptrace functionality (ptrace.c) in Linux kernel 2.6 before
        2.6.14.2, using CLONE_THREAD, does not use the thread group ID
        to check whether it is attaching to itself, which allows local
        users to cause a denial of service (crash).

Upstream fix at
http://linux.bkbits.net:8080/linux-2.6/cset@437a051edjJd4hepRSim3RmOtpXX5w
Comment 2 Ernie Petrides 2006-01-05 20:34:18 UTC 
Mark, I think that we should declare RHEL3 as not vulnerable to
CVE-2005-3783, possible switching the resolution of this bug to
NOTABUG.  The only problem that PeterS encountered is the one
described in bug 170261, which is CVE-2005-3107.

Let us know what you think.
Comment 3 Ernie Petrides 2006-01-13 22:57:38 UTC 
Changing disposition to NOTABUG.
Note You need to log in before you can comment on or make changes to this bug.