Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.
From: Samuli Suominen <sasuomin@uusikaupunki.fi>
Date: Wed, 11 May 2005 19:40:15 +0300
Message-id: <[🔎] 200505111637.j4BGbtC05902@uusikaupunki.fi>
Reply-to: Samuli Suominen <sasuomin@uusikaupunki.fi>, 308634@bugs.debian.org

Package: kernel-source-2.6.8
Severity: grave
Justification: user security hole


A locally exploitable flaw has been found in the Linux ELF binary format
loader's core dump  function  that  allows  local  users  to  gain  root
privileges and also execute arbitrary code at kernel privilege level.

Version:   2.2 up to and including 2.2.27-rc2, 2.4 up to and including
           2.4.31-pre1, 2.6 up to and including 2.6.12-rc4

Exploit, and futher information: http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.12-rc4-optimized
Locale: LANG=fi_FI@euro, LC_CTYPE=fi_FI@euro (charmap=ISO-8859-15)

Reply to:

Follow-Ups:
- Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.
  - From: Horms <horms@debian.org>
- Bug#308724: Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.
  - From: Horms <horms@debian.org>
- Bug#308634: marked as done (kernel-source-2.6.8: A locally exploitable flaw to gain root.)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Kernel compiling....
Next by Date: Bug#308639: kernel-build vs. kernel-headers splitted broken, headers unuseable
Previous by thread: Bug#308621: kernel-kbuild-2.6-3: modpost can't be used on x86_64 kernels
Next by thread: Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.
Index(es):
- Date
- Thread