
Bug#289155: CAN-2004-1235: uselib() privilege escalation



Package: kernel-source-2.6.8
Version: 2.6.8
Severity: grave
Tags: security
Justification: user security hole

Paul Starzetz from iSec Security Research has discovered a local root exploit in
the Linux kernel:
> Locally exploitable flaws have been found in the Linux
> binary format loaders' uselib() functions that allow local
> users to gain root privileges.

The full advisory text: http://isec.pl/vulnerabilities/isec-0021-uselib.txt

I haven't found a patch for 2.6 yet; a patch for 2.4 is available in
the 2.4 Bitkeeper branch.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-386
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-2    high-quality block-sorting file co
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
