Bug#319629: [CAN-2005-1768]: Race condition in ia32 compatibility code for execve causes local DoS
Package: kernel-source-2.4.27
Version: 2.4.27-10
Severity: normal
Tags: security
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768 reads:
Race condition in the ia32 compatibility code for the execve system
call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows
local users to cause a denial of service (kernel panic) and possibly
execute arbitrary code via a concurrent thread that increments a
pointer count after the nargs function has counted the pointers, but
before the count is copied from user space to kernel space, which
leads to a buffer overflow.
I looked in the pending Changelog for 2.4.27 and did not see this CAN
number listed. Please be sure to reference this CAN number in the
changelog when fixed, as you always do.
Additional reference:
http://marc.theaimsgroup.com/?l=bugtraq&m=112110120216116&w=2
Micah
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages kernel-source-2.4.27 depends on:
ii binutils 2.16.1-2 The GNU assembler, linker and bina
ii bzip2 1.0.2-7 high-quality block-sorting file co
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii fileutils 5.2.1-2 The GNU file management utilities
Versions of packages kernel-source-2.4.27 recommends:
ii gcc 4:4.0.0-2 The GNU C compiler
ii libc6-dev [libc-dev] 2.3.2.ds1-22 GNU C Library: Development Librari
ii make 3.80-9 The GNU version of the "make" util
-- no debconf information
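Added example (not part of the bug report and not kernel code): a user-space C model of the count-then-copy pattern the CVE text above describes, with the copy bounded by the first count so that a pointer vector changed in between is rejected instead of overrunning the buffer. MAX_ARGS, the function names and the `between` hook that stands in for the concurrent thread are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdlib.h>
#define MAX_ARGS 16   /* assumed cap for this model, not a kernel constant */
typedef void (*race_fn)(char *volatile *uvec);  /* stands in for the racing thread */

/* Pass 1: count entries before the NULL terminator. */
static int count_ptrs(char *volatile *uvec)
{
    int n = 0;
    while (n < MAX_ARGS && uvec[n] != NULL)
        n++;
    return uvec[n] == NULL ? n : -1;   /* -1: no terminator within the cap */
}

/* Pass 2: bounded by the counted n, never by a fresh scan for NULL, and
 * fails if the vector no longer matches that count. */
static int copy_ptrs(char *volatile *uvec, char **kvec, int n)
{
    for (int i = 0; i < n; i++) {
        char *p = uvec[i];             /* fetch each slot once */
        if (p == NULL)
            return -1;                 /* vector shrank after counting */
        kvec[i] = p;
    }
    if (uvec[n] != NULL)
        return -1;                     /* vector grew after counting */
    kvec[n] = NULL;
    return n;
}

/* Count, size the buffer from the count, then copy; `between` runs in the window. */
static int snapshot(char *volatile *uvec, race_fn between)
{
    int n = count_ptrs(uvec);
    if (n < 0) return -1;
    char **kvec = malloc((size_t)(n + 1) * sizeof *kvec);
    if (kvec == NULL) return -1;
    if (between) between(uvec);
    int r = copy_ptrs(uvec, kvec, n);  /* a real caller would now use kvec */
    free(kvec);
    return r;
}

static void grow(char *volatile *uvec) { uvec[2] = "c"; uvec[3] = NULL; }
static int demo(int racing)
{
    char *uvec[MAX_ARGS + 1] = { "a", "b", NULL };  /* constructed input */
    return snapshot(uvec, racing ? grow : NULL);
}

int main(void) { return (demo(0) == 2 && demo(1) == -1) ? 0 : 1; }
```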