Subject: KSR[T] #009: Non Privileged Halt (fwd)
To: None <port-alpha@netbsd.org>
From: Matthew Jacob <mjacob@feral.com>
List: port-alpha
Date: 02/06/1999 14:03:03
---------- Forwarded message ----------
Date: Sat, 6 Feb 1999 13:53:53 -0800 (PST)
From: Dima Ruban <dima@best.net>
To: alpha@FreeBSD.ORG
Subject: KSR[T] #009: Non Privileged Halt (fwd)
----- Forwarded message from Dave G. -----
>From burka.rdy.com!netspace.org!owner-bugtraq Sat Feb 6 13:22:21 1999
by burka.rdy.com (8.9.2/RDY&DVV) with ESMTP id NAA53647
for <dima@burka.rdy.com>; Sat, 6 Feb 1999 13:22:20 -0800 (PST)
by flea.best.net (8.9.2/8.9.2/best.fl) with ESMTP id NAA14183
for <dima@BEST.NET>; Sat, 6 Feb 1999 13:22:05 -0800 (PST)
spool id 499283 for BUGTRAQ@NETSPACE.ORG; Sat, 6 Feb 1999 20:59:58
+0000
Approved-By: aleph1@UNDERGROUND.ORG
(8.8.7/8.8.7) with SMTP id RAA22893 for <bugtraq@netspace.org>; Fri,
5 Feb 1999 17:43:44 -0500
Message-ID: <Pine.SUN.3.96.990205173831.2584A-100000@sitio>
Date: Fri, 5 Feb 1999 17:39:53 -0500
Reply-To: "Dave G." <dhg@KSRT.ORG>
From: "Dave G." <dhg@KSRT.ORG>
Subject: KSR[T] #009: Non Privileged Halt
To: BUGTRAQ@netspace.org
KSR[T] Security Advisories
http://www.ksrt.org
ksrt@ksrt.org
---
KSR[T] Advisory #009
Date: Feb. 5th 1999
ID #: NonPrivdHALT
Affected Program: MILO/Alpha Linux
Operating System(s): Linux (Redhat 5.x)
Summary: Any local user can cause an Alpha Linux machine to
reboot, lock up or become unstable.
Problem Description: During the beta-testing of an instruction set
auditor, the KSR[T] team found several instructions
that caused an Alpha Linux machine to generate an
'Oops' or to reboot/hang. This involves the call_pal
instruction with different immediate arguments.
The PALcode currently used in the MILO that comes
with Redhat 5.x and below has two additional
debugging PAL calls, DBGSTOP (0xAD) and NPHALT
(0xBF). NPHALT is a non-privileged HALT
instruction, which brings the machine straight
back to the console even from user space.
These calls were used during the development of
MILO and were not intended for production use.
Notes: We would like to thank Richard Henderson,
Alan Cox for their help with this advisory.
Special thanks to Nikita Schmidt for the
problem description.
Patch/Fix: The copies of MILO distributed at
ftp://genie.ucd.ie/pub/alpha/milo/milo-latest
are not vulnerable to this attack.
----- End of forwarded message from Dave G. -----
-- dima
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message