CVE-2010-0307

2010-02-1700:00:00

ubuntu.com

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before
2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is
available before a call to the SET_PERSONALITY macro, which allows local
users to cause a denial of service (system crash) via a 32-bit application
that attempts to execute a 64-bit application and then triggers a
segmentation fault, as demonstrated by amd64_killer, related to the
flush_old_exec function.

Notes

Author	Note
jdstrand	commits based on comments from dann frazier <[email protected]> in oss-security

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-27.68UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-17.46UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-18.60UNKNOWN
ubuntu9.10noarchlinux< 2.6.31-20.58UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.83UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	linux	< 2.6.24-27.68	UNKNOWN
ubuntu	8.10	noarch	linux	< 2.6.27-17.46	UNKNOWN
ubuntu	9.04	noarch	linux	< 2.6.28-18.60	UNKNOWN
ubuntu	9.10	noarch	linux	< 2.6.31-20.58	UNKNOWN
ubuntu	6.06	noarch	linux-source-2.6.15	< 2.6.15-55.83	UNKNOWN