

[UNIX] PaX Linux Kernel Patch DoS


Date: 4 May 2004 15:51:30 +0200
From: SecuriTeam <[email protected]>
To: [email protected]
Subject: [UNIX] PaX Linux Kernel Patch DoS

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



  PaX Linux Kernel Patch DoS
------------------------------------------------------------------------


SUMMARY

PaX is a collection of intrusion prevention patches for the Linux kernel. 
Among other things, it can disable execution of code from specific memory 
pages, which can help prevent exploitation of buffer overflows.

A bug in the PaX kernel patch allows for a denial of service condition on 
the kernel that effectively freezes the machine.

DETAILS

Vulnerable Systems:
 * PaX kernel patch for the Linux kernel 2.6, versions prior to 2004.05.01

Immune Systems:
 * PaX kernel patch version 2004.05.01

The denial-of-service condition arises when ASLR is enabled. The bug 
causes the kernel to enter an infinite loop. Part of the relevant code is 
presented below:

'linux/mm/mmap.c'

    if (start_addr != TASK_UNMAPPED_BASE) {
#ifdef CONFIG_PAX_RANDMMAP
        if (current->flags & PF_PAX_RANDMMAP)
            start_addr = addr = TASK_UNMAPPED_BASE + mm->delta_mmap;
        else
#endif
        start_addr = addr = TASK_UNMAPPED_BASE;
        goto full_search;
    }
    return -ENOMEM;
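
Added example (not part of the original advisory and not PaX or kernel code): a user-space C model of the retry check in the fragment above, showing why the check can never fail once a non-zero delta_mmap is added to the restart address. It assumes the fragment runs after a failed free-area search that "goto full_search" restarts; passes_until_enomem, MAX_PASSES, the sample addresses and the "fixed" comparison are hypothetical, and the fixed comparison is one possible correction, not the actual PaX patch.

```c
#include <stdbool.h>
#include <stdio.h>

#define TASK_UNMAPPED_BASE 0x40000000UL /* constructed stand-in value */
#define MAX_PASSES 8                    /* cap so the model itself terminates */

/* Counts how many full searches run before the code gives up (-ENOMEM) when
 * every search fails. Returns -1 if the cap is hit, i.e. the retry check
 * never stops restarting the search. */
int passes_until_enomem(unsigned long free_area_cache, unsigned long delta_mmap,
                        bool randmmap, bool fixed)
{
    /* Address the fragment assigns before "goto full_search". */
    unsigned long base = TASK_UNMAPPED_BASE + (randmmap ? delta_mmap : 0);
    /* Value the retry check compares against: the fragment always uses the
     * unrandomized constant; the assumed correction uses the real restart
     * address instead. */
    unsigned long sentinel = fixed ? base : TASK_UNMAPPED_BASE;
    unsigned long start_addr = free_area_cache;
    int passes = 0;

    for (;;) {
        if (++passes > MAX_PASSES)
            return -1;             /* the kernel would spin here forever */
        /* (search from start_addr finds no hole: address space is full) */
        if (start_addr != sentinel) {
            start_addr = base;     /* same assignment as in the fragment */
            continue;              /* goto full_search */
        }
        return passes;             /* return -ENOMEM */
    }
}

int main(void)
{
    unsigned long cache = 0x50000000UL, delta = 0x01230000UL; /* constructed */
    printf("no randomization : %d\n", passes_until_enomem(cache, 0, false, false));
    printf("RANDMMAP, as-is  : %d\n", passes_until_enomem(cache, delta, true, false));
    printf("RANDMMAP, fixed  : %d\n", passes_until_enomem(cache, delta, true, true));
    return 0;
}
```

A result of -1 marks the non-terminating case: start_addr is reset to TASK_UNMAPPED_BASE + delta_mmap on every pass, so it never equals TASK_UNMAPPED_BASE and the -ENOMEM return is never reached.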

Vendor Status:
Gr-Security are aware of the problem and have already released a newer 
version. Also, a patch can be found at:
http://pax.grsecurity.net/pax-linux-2.6.5-200405011700.patch

ADDITIONAL INFORMATION

The information has been provided by ChrisR-.

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
