[VIM] CVE Dupe? (2005-0756 & 2005-1762)

security curmudgeon jericho at attrition.org
Mon Jun 27 20:49:25 EDT 2005

ptrace does not properly verify addresses on the amd64 platform, 
which allows local users to cause a denial of service (kernel crash)




A Denial of Service vulnerability has been discovered in the ptrace()
call on the amd64 platform. By calling ptrace() with specially crafted
("non-canonical") addresses, a local attacker could cause the kernel
to crash. This only affects the amd64 platform. (CAN-2005-1762)

At first glance, 0756 seems to cover 'ptrace' the utility. If that is the 
case, almost everyone is referencing it incorrectly as "Linux Kernel 
ptrace() function". If it is indeed referring to the ptrace function, then 
these two issues seem very close. Both linux kernel, both on amd64 
specifically, both DoS, both with ptrace() function, both via "address 
validation" issues.

More information about the VIM mailing list