Vulnerability of RHEL 5: denial of service via utrace

Synthesis of the vulnerability 

A local attacker can stop systems compiled with utrace support.
Impacted software: RHEL.
Severity of this computer vulnerability: 1/4.
Creation date: 02/05/2007.
References for this bulletin: 228816, BID-23720, CVE-2007-0771, RHSA-2007:0169-01, VIGILANCE-VUL-6772.

Description of the vulnerability 

The Red Hat Enterprise Linux kernel uses the utrace patch, which implements a modular infrastructure for user-level debugging and reimplements ptrace.

However, this patch does not correctly handle several ptrace calls on the current process, which stops the kernel.

A local attacker can therefore create a malicious program in order to cause a denial of service.

This cybersecurity weakness impacts software or systems such as RHEL.

Our Vigil@nce team determined that the severity of this security vulnerability is low.

The trust level is "confirmed by the editor", and the origin of the attack is a user account.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat 

RHEL 5: new kernel packages.
New packages are available:
Red Hat Enterprise Linux v. 5 : kernel-2.6.18-8.1.3.el5
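
To check whether a host already runs the fixed kernel, the release string has to be compared the way rpm compares it: in `8.el5` versus `8.1.3.el5` a numeric segment outranks an alphabetic one, so plain string sorting gives the wrong order. The following is an added example, not part of the original bulletin; it implements a simplified rpm-style comparison (no epoch handling), and the function names and the sample release strings used to exercise it are constructed for illustration.

```python
import re

# Fixed RHEL 5 kernel package version named in the bulletin.
FIXED = "2.6.18-8.1.3.el5"

def _segments(s):
    # rpm ignores separators and treats each run of digits or letters
    # as one segment.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 following rpm's segment comparison rules."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_kernel(a, b):
    """Compare two 'version-release' kernel strings (uname -r style)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_fixed(release):
    """True if the release is at or above the fixed RHEL 5 kernel."""
    return compare_kernel(release, FIXED) >= 0

if __name__ == "__main__":
    import platform
    # Only meaningful on a RHEL 5 host; other kernels use other numbering.
    running = platform.release()
    state = "at or above" if is_fixed(running) else "older than"
    print(f"{running} is {state} {FIXED}")
```

The running kernel only changes after a reboot into the new package, so check `uname -r` (which is what `platform.release()` reports), not just the installed package list.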
