CVE-2010-0307
First published: Mon Feb 01 2010(Updated: )
Description of problem: The problem seams to be located in fs/binfmt_elf.c:load_elf_binary(). It calls SET_PERSONALITY() prior checking that the ELF interpreter is available. This in turn makes the previously 32 bit process a 64 bit one which would be fine if execve() would succeed. But after the SET_PERSONALITY() the open_exec() call fails (because it cannot find the interpreter) and execve() almost instantly returns with an error. If you now look at /proc/PID/maps you'll see, that it has the vsyscall page mapped which shouldn't be. But the process is not dead yet, it's still running. By now generating a segmentation fault and in turn trying to generate a core dump the kernel just dies. Steps to Reproduce: 1. Enable core dumps 2. Start an 32 bit program that tries to execve() an 64 bit program 3. The 64 bit program cannot be started by the kernel because it can't find the interpreter, i.e. execve returns with an error 4. Generate a segmentation fault 5. panic (EDIT: This is triggerable on 2.6.31.9-174.fc12.x86_64). Upstream commit: <a href="http://git.kernel.org/linus/221af7f87b97431e3ee21ce4b0e77d5411cf1549">http://git.kernel.org/linus/221af7f87b97431e3ee21ce4b0e77d5411cf1549</a> Discussions: <a href="http://marc.info/?t=126466700200002&r=1&w=2">http://marc.info/?t=126466700200002&r=1&w=2</a> Acknowledgements: Red Hat would like to thank Mathias Krause for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | <2.6.32.8 | |
| Debian | =5.0 | |
| Debian | =4.0 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =9.04 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =8.10 | |
| Ubuntu Linux | =9.10 | |
| Linux Kernel | <2.6.32.8 | |
| Ubuntu | =6.06 | |
| Ubuntu | =8.04 | |
| Ubuntu | =8.10 | |
| Ubuntu | =9.04 | |
| Ubuntu | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8
- http://www.securityfocus.com/bid/38027
- http://www.openwall.com/lists/oss-security/2010/02/04/1
- http://www.openwall.com/lists/oss-security/2010/02/01/1
- http://marc.info/?t=126466700200002&r=1&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=560547
- http://www.openwall.com/lists/oss-security/2010/02/04/9
- http://www.openwall.com/lists/oss-security/2010/02/01/5
- http://marc.info/?l=linux-mm&m=126466407724382&w=2
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
- http://www.debian.org/security/2010/dsa-1996
- http://secunia.com/advisories/38492
- http://www.ubuntu.com/usn/USN-914-1
- http://www.vupen.com/english/advisories/2010/0638
- https://rhn.redhat.com/errata/RHSA-2010-0146.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
- http://secunia.com/advisories/38922
- http://www.redhat.com/support/errata/RHSA-2010-0398.html
- http://secunia.com/advisories/39649
- http://secunia.com/advisories/38779
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
- http://support.avaya.com/css/P8/documents/100088287
- http://www.redhat.com/support/errata/RHSA-2010-0771.html
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://secunia.com/advisories/43315
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549
- http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20100202%2C15754.html
- http://git.kernel.org/linus/221af7f87b97431e3ee21ce4b0e77d5411cf1549
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=387971
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=387971&action=edit
- http://git.kernel.org/linus/05d43ed8a89c159ff641d472f970e3f1baa66318
- http://git.kernel.org/linus/94673e968cbcce07fa78dac4b0ae05d24b5816e1
- http://admin.fedoraproject.org/updates/kernel-2.6.30.10-105.2.13.fc11
- http://admin.fedoraproject.org/updates/kernel-2.6.31.12-174.2.17.fc12
- http://marc.info/?l=linux-kernel&m=126636290420589&q=raw
- https://rhn.redhat.com/errata/RHSA-2010-0398.html
- https://rhn.redhat.com/errata/RHSA-2010-0771.html
Frequently Asked Questions
What is the severity of CVE-2010-0307?
CVE-2010-0307 is classified as a high-severity vulnerability due to its impact on system stability and potential exploitation.
How do I fix CVE-2010-0307?
To mitigate CVE-2010-0307, update the Linux kernel to version 2.6.32.9 or later, which addresses this flaw.
Which software versions are affected by CVE-2010-0307?
CVE-2010-0307 affects multiple versions of the Linux kernel, Debian Linux 4.0 and 5.0, and several Ubuntu Linux versions.
Is CVE-2010-0307 exploitable remotely?
CVE-2010-0307 could potentially be exploited remotely, making it crucial to address the vulnerability promptly.
What are the consequences of not patching CVE-2010-0307?
Failing to patch CVE-2010-0307 may lead to privilege escalation, system crashes, or integrity threats on affected systems.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0307
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian
- version/debian/5.0
- version/debian/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/9.04
- version/ubuntu linux/8.04
- version/ubuntu linux/8.10
- version/ubuntu linux/9.10
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/8.04
- version/ubuntu/8.10
- version/ubuntu/9.04
- version/ubuntu/9.10