KSR[T] #009: Non Privileged Halt

From: Dave G. (dhgat_private)
Date: Fri Feb 05 1999 - 14:39:53 PST

    KSR[T] Security Advisories
    http://www.ksrt.org
    ksrtat_private
    
    ---
    
                                                        KSR[T] Advisory #009
                                                        Date:  Feb. 5th 1999
                                                        ID #:  NonPrivdHALT
    
    Affected Program:    MILO/Alpha Linux
    
    Operating System(s): Linux (Redhat 5.x)
    
    Summary:             Any local user can cause an Alpha Linux machine to
                         reboot, lock up or become unstable.
    
    Problem Description: During the beta-testing of an instruction set
                         auditor, the KSR[T] team found several instructions
                         that caused an Alpha Linux machine to generate an
                         'Oops' or to reboot/hang.  This involves the call_pal
                         instruction with different immediate arguments.
    
                         The PALcode currently used in the MILO that comes
                         with Redhat 5.x and below has two additional
                         debugging PAL calls, DBGSTOP (0xAD) and NPHALT
                         (0xBF).  NPHALT is a non-privileged HALT
                         instruction, which brings the machine straight
                         back to the console even from user space.
    
                         These calls were used during the development of
                         MILO and were not intended for production use.
    
    Notes:               We would like to thank Richard Henderson and
                         Alan Cox for their help with this advisory.
    
                         Special thanks to Nikita Schmidt for the
                         problem description.
    
    Patch/Fix:           The copies of MILO distributed at
                         ftp://genie.ucd.ie/pub/alpha/milo/milo-latest
                         are not vulnerable to this attack.
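
An added example, not part of the KSR[T] advisory or its auditor: a C scanner that flags the two debugging PAL calls named above in a buffer of Alpha code bytes, for instance the text section of a binary under review. It assumes the standard Alpha PALcode instruction format (opcode 0x00 in bits 31..26, function in bits 25..0, little-endian words); the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PAL function numbers named in the advisory. */
#define PAL_DBGSTOP 0xADu
#define PAL_NPHALT  0xBFu

/* call_pal is opcode 0x00; the low 26 bits carry the PAL function number. */
static int is_debug_palcall(uint32_t insn)
{
    uint32_t opcode = insn >> 26;
    uint32_t func = insn & 0x03FFFFFFu;
    return opcode == 0 && (func == PAL_DBGSTOP || func == PAL_NPHALT);
}

/* Walk the buffer one aligned 32-bit instruction at a time. Stores up to
 * max_hits byte offsets in hits[] and returns the total number of matches. */
size_t scan_palcalls(const uint8_t *code, size_t len, size_t *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        uint32_t insn = (uint32_t)code[off] | (uint32_t)code[off + 1] << 8 |
                        (uint32_t)code[off + 2] << 16 | (uint32_t)code[off + 3] << 24;
        if (is_debug_palcall(insn)) {
            if (n < max_hits) hits[n] = off;
            n++;
        }
    }
    return n;
}

/* Constructed sample: five little-endian instruction words. */
static const uint8_t sample[] = {
    0x83, 0x00, 0x00, 0x00, /* call_pal 0x83 (callsys): ordinary system call */
    0x1f, 0x04, 0xff, 0x47, /* bis $31,$31,$31 (nop) */
    0xbf, 0x00, 0x00, 0x00, /* call_pal 0xBF (NPHALT): flagged */
    0xad, 0x00, 0x00, 0x00, /* call_pal 0xAD (DBGSTOP): flagged */
    0xbf, 0x00, 0x00, 0x40, /* opcode 0x10, low byte 0xBF by coincidence: ignored */
};

int main(void)
{
    size_t hits[8];
    size_t n = scan_palcalls(sample, sizeof sample, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("debug call_pal at offset 0x%zx\n", hits[i]);
    return 0;
}
```

Constant data embedded in a code section can match by accident, so treat a hit as a prompt to disassemble that offset rather than as proof.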
    


