Although this issue is said to only affect 2.6, RHEL3 contained changes to
CLONE_THREAD bia nptl backport so this needs looking at by a kernel expert to
determine if RHEL3 needs this fix. These are the only details we currently have:
+++ This bug was initially created as a clone of Bug #174075 +++
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before
188.8.131.52, using CLONE_THREAD, does not use the thread group ID
to check whether it is attaching to itself, which allows local
users to cause a denial of service (crash).
Upstream fix at
Mark, I think that we should declare RHEL3 as not vulnerable to
CVE-2005-3783, possible switching the resolution of this bug to
NOTABUG. The only problem that PeterS encountered is the one
described in bug 170261, which is CVE-2005-3107.
Let us know what you think.
Changing disposition to NOTABUG.