Subject: KSR[T] #009: Non Privileged Halt (fwd)
To: None <port-alpha@netbsd.org>
From: Matthew Jacob <mjacob@feral.com>
List: port-alpha
Date: 02/06/1999 14:03:03 
---------- Forwarded message ----------
Date: Sat, 6 Feb 1999 13:53:53 -0800 (PST)
From: Dima Ruban <dima@best.net>
To: alpha@FreeBSD.ORG
Subject: KSR[T] #009: Non Privileged Halt (fwd)

----- Forwarded message from Dave G. -----

>From burka.rdy.com!netspace.org!owner-bugtraq  Sat Feb  6 13:22:21 1999
	by burka.rdy.com (8.9.2/RDY&DVV) with ESMTP id NAA53647
	for <dima@burka.rdy.com>; Sat, 6 Feb 1999 13:22:20 -0800 (PST)
	by flea.best.net (8.9.2/8.9.2/best.fl) with ESMTP id NAA14183
	for <dima@BEST.NET>; Sat, 6 Feb 1999 13:22:05 -0800 (PST)
          spool id 499283 for BUGTRAQ@NETSPACE.ORG; Sat, 6 Feb 1999 20:59:58
          +0000
Approved-By: aleph1@UNDERGROUND.ORG
          (8.8.7/8.8.7) with SMTP id RAA22893 for <bugtraq@netspace.org>; Fri,
          5 Feb 1999 17:43:44 -0500
Message-ID: <Pine.SUN.3.96.990205173831.2584A-100000@sitio>
Date: 	Fri, 5 Feb 1999 17:39:53 -0500
Reply-To: "Dave G." <dhg@KSRT.ORG>
From: "Dave G." <dhg@KSRT.ORG>
Subject:      KSR[T] #009: Non Privileged Halt
To: BUGTRAQ@netspace.org

KSR[T] Security Advisories
http://www.ksrt.org
ksrt@ksrt.org

---

                                                    KSR[T] Advisory #009
                                                    Date:  Feb. 5th 1999
                                                    ID #:  NonPrivdHALT

Affected Program:    MILO/Alpha Linux

Operating System(s): Linux (Redhat 5.x)

Summary:             Any local user can cause an Alpha Linux machine to
                     reboot, lock up or become unstable.

Problem Description: During the beta-testing of an instruction set
                     auditor, the KSR[T] team found several instructions
                     that caused an Alpha Linux machine to generate an
                     'Oops' or to reboot/hang.  This involves the call_pal
                     instruction with different immediate arguments.

                     The PALcode currently used in the MILO that comes
                     with Redhat 5.x and below has two additional
                     debugging PAL calls, DBGSTOP (0xAD) and NPHALT
                     (0xBF).  NPHALT is a non-privileged HALT
                     instruction, which brings the machine straight
                     back to the console even from user space.

                     These calls were used during the development of
                     MILO and were not intended for production use.

Notes:               We would like to thank Richard Henderson,
                     Alan Cox for their help with this advisory.

                     Special thanks to Nikita Schmidt for the
                     problem description.

Patch/Fix:           The copies of MILO distributed at
                     ftp://genie.ucd.ie/pub/alpha/milo/milo-latest
                     are not vulnerable to this attack.

----- End of forwarded message from Dave G. -----
-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message