Date: Fri, 5 Feb 1999 17:39:53 -0500
From: Dave G.
To: BUGTRAQ@netspace.org
Subject: KSR[T] #009: Non Privileged Halt

KSR[T] Security Advisories
http://www.ksrt.org
ksrt@ksrt.org

---

KSR[T] Advisory #009
Date: Feb. 5th 1999
ID #: NonPrivdHALT

Affected Program: MILO/Alpha Linux
Operating System(s): Linux (Redhat 5.x)

Summary:

Any local user can cause an Alpha Linux machine to reboot, lock up or become unstable.

Problem Description:

During the beta-testing of an instruction set auditor, the KSR[T] team found several instructions that caused an Alpha Linux machine to generate an 'Oops' or to reboot/hang. This involves the call_pal instruction with different immediate arguments.

The PALcode currently used in the MILO that comes with Redhat 5.x and below has two additional debugging PAL calls, DBGSTOP (0xAD) and NPHALT (0xBF). NPHALT is a non-privileged HALT instruction, which brings the machine straight back to the console even from user space. These calls were used during the development of MILO and were not intended for production use.

Notes:

We would like to thank Richard Henderson and Alan Cox for their help with this advisory. Special thanks to Nikita Schmidt for the problem description.

Patch/Fix:

The copies of MILO distributed at ftp://genie.ucd.ie/pub/alpha/milo/milo-latest are not vulnerable to this attack.
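
Because the advisory names the two PAL function codes, local binaries can be audited for them. The following is an added example, not code from KSR[T] or the MILO project: a C scanner that walks a buffer of Alpha instruction words and reports call_pal instructions whose function code is DBGSTOP (0xAD) or NPHALT (0xBF). It assumes the standard Alpha call_pal encoding (opcode 0x00 in bits 31..26, function code in bits 25..0, little-endian words); the names scan_text and flagged_pal_call and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PAL function codes named in the advisory. */
#define PAL_DBGSTOP 0xADu
#define PAL_NPHALT  0xBFu

/* Constructed sample of Alpha code bytes (not taken from any real binary). */
static const uint8_t sample[] = {
    0x1F, 0x04, 0xFF, 0x47,   /* nop (bis $31,$31,$31)        */
    0x83, 0x00, 0x00, 0x00,   /* call_pal 0x83 (callsys), ok  */
    0xBF, 0x00, 0x00, 0x00,   /* call_pal 0xBF (NPHALT)       */
    0x01, 0x80, 0xFA, 0x6B,   /* ret                          */
    0xAD, 0x00, 0x00, 0x00,   /* call_pal 0xAD (DBGSTOP)      */
};

/* Alpha instruction words are 32 bits, stored little-endian. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the PAL function code if insn is a call_pal (opcode 0x00) to one
 * of the two debugging calls, otherwise 0. */
static uint32_t flagged_pal_call(uint32_t insn)
{
    if ((insn >> 26) != 0x00)
        return 0;
    uint32_t func = insn & 0x03FFFFFFu;
    return (func == PAL_DBGSTOP || func == PAL_NPHALT) ? func : 0;
}

/* Scans aligned words in buf; stores up to max byte offsets of hits in
 * hits[] and returns the total number of hits. A trailing partial word
 * is ignored. */
size_t scan_text(const uint8_t *buf, size_t len, size_t *hits, size_t max)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        if (flagged_pal_call(load_le32(buf + off))) {
            if (n < max)
                hits[n] = off;
            n++;
        }
    }
    return n;
}
```

A hit only means the 32-bit word matches; constants or padding embedded in a text section can match too, so each reported offset should be confirmed in a disassembler.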