Date: Sat, 6 Feb 1999 13:53:53 -0800 (PST)
From: dima@best.net (Dima Ruban)
To: alpha@FreeBSD.ORG
Subject: KSR[T] #009: Non Privileged Halt (fwd)
Message-ID: <199902062153.NAA53798@burka.rdy.com>

----- Forwarded message from Dave G. -----

Approved-By: aleph1@UNDERGROUND.ORG
Message-ID: <Pine.SUN.3.96.990205173831.2584A-100000@sitio>
Date: Fri, 5 Feb 1999 17:39:53 -0500
Reply-To: "Dave G." <dhg@KSRT.ORG>
Sender: Bugtraq List <BUGTRAQ@netspace.org>
From: "Dave G." <dhg@KSRT.ORG>
Subject: KSR[T] #009: Non Privileged Halt
To: BUGTRAQ@netspace.org

KSR[T] Security Advisories
http://www.ksrt.org
ksrt@ksrt.org
---

KSR[T] Advisory #009
Date: Feb. 5th 1999
ID #: NonPrivdHALT

Affected Program: MILO/Alpha Linux

Operating System(s): Linux (Redhat 5.x)

Summary:

Any local user can cause an Alpha Linux machine to reboot, lock up or
become unstable.

Problem Description:

During the beta-testing of an instruction set auditor, the KSR[T] team
found several instructions that caused an Alpha Linux machine to generate
an 'Oops' or to reboot/hang. This involves the call_pal instruction with
different immediate arguments.

The PALcode currently used in the MILO that comes with Redhat 5.x and
below has two additional debugging PAL calls, DBGSTOP (0xAD) and NPHALT
(0xBF). NPHALT is a non-privileged HALT instruction, which brings the
machine straight back to the console even from user space. These calls
were used during the development of MILO and were not intended for
production use.

Notes:

We would like to thank Richard Henderson and Alan Cox for their help with
this advisory. Special thanks to Nikita Schmidt for the problem
description.

Patch/Fix:

The copies of MILO distributed at
ftp://genie.ucd.ie/pub/alpha/milo/milo-latest are not vulnerable to this
attack.

----- End of forwarded message from Dave G. -----

--
dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message
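
An administrator who cannot update MILO right away can audit local binaries for the two debugging PAL calls the advisory names. The following is an added example, not part of the advisory and not KSR[T]'s instruction set auditor. It assumes the standard Alpha encoding of call_pal (major opcode 0x00 in bits 31..26, function code in bits 25..0); the function name and the sample bytes are constructed for illustration.

```python
import struct

# PAL function codes named in the advisory (MILO debugging calls).
MILO_DEBUG_PAL = {0xAD: "DBGSTOP", 0xBF: "NPHALT"}

OPCODE_CALL_PAL = 0x00    # Alpha major opcode, instruction bits 31..26
FUNC_MASK = 0x03FFFFFF    # 26-bit PALcode function, bits 25..0


def find_milo_debug_palcalls(code: bytes, base: int = 0):
    """Return [(address, name)] for each call_pal DBGSTOP/NPHALT in `code`.

    `code` must be the raw bytes of an executable section. Alpha
    instructions are fixed 32-bit little-endian words, so only aligned
    words are decoded; scanning data sections would give false positives.
    """
    hits = []
    usable = len(code) - len(code) % 4    # ignore a trailing partial word
    for off in range(0, usable, 4):
        (word,) = struct.unpack_from("<I", code, off)
        if word >> 26 != OPCODE_CALL_PAL:
            continue
        name = MILO_DEBUG_PAL.get(word & FUNC_MASK)
        if name:
            hits.append((base + off, name))
    return hits


# Constructed sample "text section" (not taken from any real binary).
SAMPLE_TEXT = struct.pack(
    "<6I",
    0x47FF041F,    # bis $31,$31,$31 (nop)
    0x00000083,    # call_pal 0x83 (callsys): ordinary system call, not flagged
    0x000000BF,    # call_pal 0xBF: NPHALT
    0x47FF041F,    # nop
    0x000000AD,    # call_pal 0xAD: DBGSTOP
    0x6BFA8001,    # ret
) + b"\xbf\x00"    # trailing partial word, skipped by the scanner

if __name__ == "__main__":
    for addr, name in find_milo_debug_palcalls(SAMPLE_TEXT, base=0x120000000):
        print(f"{addr:#x}: call_pal {name}")
```

A hit only means the binary contains the instruction; whether it halts the machine depends on the PALcode of the installed MILO, which the advisory says is fixed in milo-latest.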