The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
http://marc.info/?l=oss-security&m=124654277229434&w=2
http://secunia.com/advisories/36131
http://secunia.com/advisories/37471
http://www.redhat.com/support/errata/RHSA-2009-1193.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35559
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/attachment.cgi?id=346615
https://bugzilla.redhat.com/attachment.cgi?id=346742
https://bugzilla.redhat.com/show_bug.cgi?id=504263
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8680
OR
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89117 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) | Nessus | Misc. | critical |
79507 | OracleVM 2.2 : kernel (OVMSA-2013-0039) | Nessus | OracleVM Local Security Checks | critical |
67904 | Oracle Linux 5 : kernel (ELSA-2009-1193) | Nessus | Oracle Linux Local Security Checks | high |
60634 | Scientific Linux Security Update : kernel for SL 5.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
43773 | CentOS 5 : kernel (CESA-2009:1193) | Nessus | CentOS Local Security Checks | high |
42870 | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | Nessus | VMware ESX Local Security Checks | critical |
40487 | RHEL 5 : kernel (RHSA-2009:1193) | Nessus | Red Hat Local Security Checks | high |
801471 | CentOS RHSA-2009-1193 Security Check | Log Correlation Engine | Generic | high |