Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.

To: Samuli Suominen <sasuomin@uusikaupunki.fi>, 308634@bugs.debian.org
Subject: Bug#308634: kernel-source-2.6.8: A locally exploitable flaw to gain root.
From: Andres Salomon <dilinger@athenacr.com>
Date: Wed, 11 May 2005 15:08:38 -0400
Message-id: <[🔎] pan.2005.05.11.19.08.37.537853@athenacr.com>
Reply-to: Andres Salomon <dilinger@athenacr.com>, 308634@bugs.debian.org
References: <200505111637.j4BGbtC05902__16850.7850882181$1115829991$gmane$org@uusikaupunki.fi>

On Wed, 11 May 2005 19:40:15 +0300, Samuli Suominen wrote:

> Package: kernel-source-2.6.8
> Severity: grave
> Justification: user security hole
> 
> 
> A locally exploitable flaw has been found in the Linux ELF binary format
> loader's core dump  function  that  allows  local  users  to  gain  root
> privileges and also execute arbitrary code at kernel privilege level.
> 
> Version:   2.2 up to and including 2.2.27-rc2, 2.4 up to and including
>            2.4.31-pre1, 2.6 up to and including 2.6.12-rc4
> 
> Exploit, and futher information: http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
> 

Rumor has it, this is CAN-2005-1263.
I'll commit the patch
(http://mouth.voxel.net/~dilinger/core_dump_vul.patch) to svn once I'm
someplace that I can actually log in..

Reply to:

Prev by Date: Processed: kernel
Next by Date: Re: Common kernel-image source package
Previous by thread: Bug#308634: marked as done (kernel-source-2.6.8: A locally exploitable flaw to gain root.)
Next by thread: Bug#308639: kernel-build vs. kernel-headers splitted broken, headers unuseable
Index(es):
- Date
- Thread