Date: Fri, 5 Feb 1999 17:39:53 -0500
From: "Dave G." <dhg@KSRT.ORG>
To: BUGTRAQ@NETSPACE.ORG
Subject: KSR[T] #009: Non Privileged Halt
KSR[T] Security Advisories
http://www.ksrt.org
ksrt@ksrt.org
---
KSR[T] Advisory #009
Date: Feb. 5th 1999
ID #: NonPrivdHALT
Affected Program: MILO/Alpha Linux
Operating System(s): Linux (Redhat 5.x)
Summary: Any local user can cause an Alpha Linux machine to
reboot, lock up or become unstable.
Problem Description: During the beta-testing of an instruction set
auditor, the KSR[T] team found several instructions
that caused an Alpha Linux machine to generate an
'Oops' or to reboot/hang. This involves the call_pal
instruction with different immediate arguments.
The PALcode currently used in the MILO that comes
with Redhat 5.x and below has two additional
debugging PAL calls, DBGSTOP (0xAD) and NPHALT
(0xBF). NPHALT is a non-privileged HALT
instruction, which brings the machine straight
back to the console even from user space.
These calls were used during the development of
MILO and were not intended for production use.
Notes: We would like to thank Richard Henderson,
Alan Cox for their help with this advisory.
Special thanks to Nikita Schmidt for the
problem description.
Patch/Fix: The copies of MILO distributed at
ftp://genie.ucd.ie/pub/alpha/milo/milo-latest
are not vulnerable to this attack.
