2.2.x also vulnerable - WATCH OUT!!

Posted Nov 19, 2002 22:06 UTC (Tue) by grantma (subscriber, #5225)
Parent article: The x86 denial of service bug

I have been working on this one, and no one so far has produced any headlines about it, but 2.2.x is ALSO affected.

I have tested and found 2.2.x is vulnerable with Andrea Arcangeli's exploit. It also has exactly the same lcall7() function in the system call interface as 2.4.x, and is definitely vulnerable. The patch below STOPS the crashes in 2.2.x.

Result of bug is as in 2.4.x, an absolute lockup of the machine. This is an easy vulnerability for a script kiddie to turn any network-accessible buffer overflow into a DoS.

Here is the patch to fix 2.2:

--- linux/arch/i386/kernel/entry.S.orig Sat Nov 3 05:39:05 2001
+++ linux/arch/i386/kernel/entry.S Tue Nov 19 13:46:47 2002
@@ -63,7 +63,9 @@
OLDSS = 0x38

CF_MASK = 0x00000001
+TF_MASK = 0x00000100
IF_MASK = 0x00000200
+DF_MASK = 0x00000400
NT_MASK = 0x00004000
VM_MASK = 0x00020000

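Review bot: The two new constants, TF_MASK and DF_MASK, are added without a comment saying which EFLAGS bits they name or why this file now needs them. A short note beside each (trap flag, direction flag), plus a mention that they exist for the flag clearing added further down in the same patch, would make the block self-explanatory. The values are placed in ascending bit order between CF_MASK and NT_MASK, which matches the existing layout.
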
@@ -139,6 +141,9 @@
movl CS(%esp),%edx # this is eip..
movl EFLAGS(%esp),%ecx # and this is cs..
movl %eax,EFLAGS(%esp) #
+ andl $~(NT_MASK|TF_MASK|DF_MASK), %eax
+ pushl %eax
+ popfl
movl %edx,EIP(%esp) # Now we move them to their "normal" places
movl %ecx,CS(%esp) #
movl %esp,%ebx
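
Review bot: The added andl/pushl/popfl sequence after "movl %eax,EFLAGS(%esp)" carries no comment, and its ordering matters: the store to EFLAGS(%esp) happens before the andl, so the saved frame keeps the caller's NT, TF and DF bits and only the live flags register is cleaned. If that is deliberate, say so in a comment on the andl line; if the saved copy is meant to be sanitized too, the mask has to be applied before the store. Also note that %eax no longer holds the original flags after the andl, so nothing below this point should rely on it.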



Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds