66535 – CVE-2002-1571 kernel leaks register information to other processes

Bug 66535 - CVE-2002-1571 kernel leaks register information to other processes

Summary: CVE-2002-1571 kernel leaks register information to other processes

Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	kernel (Show other bugs)
Sub Component:	(Show other bugs)
Version:	2.1
Hardware:	i386 Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Larry Woodman
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	impact=moderate,source=lkml,reported=...
Keywords:	Security
Depends On:	66521
Blocks:
TreeView+	depends on / blocked

Reported:	2002-06-11 20:49 UTC by Arjan van de Ven
Modified:	2007-11-30 22:06 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2002-07-18 14:00:17 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2002:128	normal	SHIPPED_LIVE	Moderate: Updated kernel with information security fixes, bug fixes, and updated drivers	2002-06-25 04:00:00 UTC

Description Arjan van de Ven 2002-06-11 20:49:52 UTC

The AS kernel leaks the contents of the XMM registers (Screaming Sindy) to other
processes as it fails to zero them on process start and during ptrace. Since
those registers are mostly used by crypto programs this security leak can be
rather senstive. Patch available for 2.4.18; will apply to 2.4.9 with minimal
changes

Comment 1 Larry Woodman 2002-08-05 16:17:47 UTC

Fixed in AS2.1 errata kernel-2.4.9-e.8, released on 7/29.

Larry Woodman

Note You need to log in before you can comment on or make changes to this bug.

TreeView+

- Top of page