Bug 66535 - CVE-2002-1571 kernel leaks register information to other processes
Summary: CVE-2002-1571 kernel leaks register information to other processes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel
Version: 2.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Larry Woodman
QA Contact: Brian Brock
URL:
Whiteboard: impact=moderate,source=lkml,reported=...
Depends On: 66521
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-11 20:49 UTC by Arjan van de Ven
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-07-18 14:00:17 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2002:128 0 normal SHIPPED_LIVE Moderate: Updated kernel with information security fixes, bug fixes, and updated drivers 2002-06-25 04:00:00 UTC

Description Arjan van de Ven 2002-06-11 20:49:52 UTC
The AS kernel leaks the contents of the XMM registers (Screaming Sindy) to other
processes as it fails to zero them on process start and during ptrace. Since
those registers are mostly used by crypto programs this security leak can be
rather senstive. Patch available for 2.4.18; will apply to 2.4.9 with minimal
changes

Comment 1 Larry Woodman 2002-08-05 16:17:47 UTC
Fixed in AS2.1 errata kernel-2.4.9-e.8, released on 7/29.

Larry Woodman


Note You need to log in before you can comment on or make changes to this bug.