Although this issue is said to only affect 2.6, RHEL3 contained changes to CLONE_THREAD via nptl backport, so this needs looking at by a kernel expert to determine if RHEL3 needs this fix. These are the only details we currently have:
+++ This bug was initially created as a clone of Bug #174075 +++
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). Upstream fix at http://linux.bkbits.net:8080/linux-2.6/cset@437a051edjJd4hepRSim3RmOtpXX5w
Mark, I think that we should declare RHEL3 as not vulnerable to CVE-2005-3783, possibly switching the resolution of this bug to NOTABUG. The only problem that PeterS encountered is the one described in bug 170261, which is CVE-2005-3107. Let us know what you think.
Changing disposition to NOTABUG.