TECHNICAL BULLETIN
| PROBLEM: | The Linux kernel is prone to a local denial-of-service vulnerability. |
| PLATFORM: | Linux Kernel 2.2.27 through Linux Kernel 2.6.30 rc3, RedHat Enterprise Linux 4 all versions, RedHat Enterprise Linux 5, RedHat Enterprise Linux 5 Client, and RedHat Enterprise Linux 5.3.z EUS |
| ABSTRACT: | The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-251.shtml |
| OTHER LINKS: | Security Focus: http://www.securityfocus.com/bid/35930/info X-Force: http://xforce.iss.net/xforce/xfdb/52899 |
| CVE: | CVE-2009-2848 |
| IMPACT ASSESSMENT: | This risk is low. A local attacker can exploit this issue to corrupt memory, resulting in a denial-of-service condition. |
[***** Start CVE-2009-2848 *****]

Discussion: The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer. The pointer is a user-space address recorded when a task is created by a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled; at task exit the kernel writes to that address (storing 0 and waking any futex waiter on it). If such a thread calls execve, the kernel keeps the stale pointer while the address space is replaced, so the exit-time write lands at an arbitrary location in the new program image. This allows local users to cause a denial of service (memory corruption) or possibly gain privileges. The fix is to clear the pointer during execve so that no exit-time write is performed into the new image.

Solution: Updates are available. Please see below for more information.

Debian Linux 4.0 mips
* Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
* Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

Debian Linux 4.0 arm
* Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
* Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

Debian Linux 4.0 m68k
* Debian linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
* Debian linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
  http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb

[***** End CVE-2009-2848 *****]
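The following program is an added illustration of the kernel behaviour behind this advisory; it is not code from the bulletin, from the Linux kernel, or from any of the vendor advisories linked above. It clones a child with CLONE_CHILD_SETTID and CLONE_CHILD_CLEARTID that shares the parent's address space (CLONE_VM, but not CLONE_THREAD, so the parent can reap it with waitpid), and observes the two writes the kernel makes to the user-supplied child_tid address: the child's tid at start and 0 at exit, followed by a futex wake. That address is what current->clear_child_tid holds inside the kernel. The example does not call execve; the point it makes is that the exit-time write is driven entirely by a pointer the kernel retains for the task, which is why a kernel that fails to drop it at execve ends up writing into the new image. The struct name, demo_clear_child_tid and the STACK_SIZE value are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallback definitions so the example still builds if <sched.h> was not
 * processed in GNU mode; the values are the kernel's own CLONE_* bits. */
#ifndef CLONE_VM
#define CLONE_VM             0x00000100
#define CLONE_CHILD_CLEARTID 0x00200000
#define CLONE_CHILD_SETTID   0x01000000
#endif
extern int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);

#define STACK_SIZE (64 * 1024)   /* child stack size, chosen for this example */

/* Memory shared with the child (CLONE_VM). The kernel and the child write
 * these fields asynchronously, so the parent reads them as volatile. */
struct shared {
    volatile pid_t ctid;     /* the clone() child_tid argument: the kernel
                                stores the child's tid here when it starts
                                (CLONE_CHILD_SETTID) and stores 0 and wakes
                                the futex when it exits (CLONE_CHILD_CLEARTID) */
    volatile pid_t seen_tid; /* value of ctid as observed by the child itself */
};

/* Runs on the child's own stack. It makes no libc calls: the child shares
 * our address space but is not a pthread, so it stays minimal. */
static int child_fn(void *arg)
{
    struct shared *sh = arg;
    sh->seen_tid = sh->ctid;   /* the CLONE_CHILD_SETTID store already happened */
    return 0;                  /* returning exits the child; the kernel now
                                  performs the CLONE_CHILD_CLEARTID store */
}

static long futex_wait(volatile pid_t *addr, pid_t expected)
{
    return syscall(SYS_futex, addr, FUTEX_WAIT, expected, NULL, NULL, 0);
}

/* Returns 0 when both kernel writes to ctid were observed, otherwise a
 * negative code identifying the step that failed. */
int demo_clear_child_tid(void)
{
    struct shared sh = { .ctid = -1, .seen_tid = -1 };
    char *stack = malloc(STACK_SIZE);
    if (!stack)
        return -1;

    int flags = CLONE_VM | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD;
    pid_t pid = clone(child_fn, stack + STACK_SIZE, flags, &sh,
                      NULL, NULL, (pid_t *)&sh.ctid);
    if (pid < 0) {
        free(stack);
        return -2;
    }

    /* The same wait loop glibc's pthread_join uses: sleep on the futex until
     * the kernel's exit-time store zeroes ctid. A stale ctid pointer that
     * survived execve would receive this same store in the new image. */
    pid_t v;
    while ((v = sh.ctid) != 0) {
        if (futex_wait(&sh.ctid, v) < 0 && errno != EAGAIN && errno != EINTR)
            break;
    }

    waitpid(pid, NULL, 0);     /* reap; the CLEARTID store precedes exit notification */
    free(stack);

    if (sh.seen_tid != pid)    /* SETTID: the child saw its own tid in ctid */
        return -3;
    if (sh.ctid != 0)          /* CLEARTID: the kernel zeroed ctid at exit */
        return -4;
    return 0;
}

int main(void)
{
    int rc = demo_clear_child_tid();
    printf("clear_child_tid demo: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

Build with `cc -o ctid_demo ctid_demo.c` on Linux and run as an ordinary user; no privileges are needed because only the caller's own address space is written. A return code of 0 confirms both stores; on a fixed kernel an execve from the child would instead drop the pointer, and no exit-time store into the new image occurs.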
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov