Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation

To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 308757@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
From: Horms <horms@debian.org>
Date: Thu, 12 May 2005 17:55:25 +0900
Message-id: <[🔎] 20050512085524.GC5664@verge.net.au>
Reply-to: Horms <horms@debian.org>, 308757@bugs.debian.org
In-reply-to: <[🔎] 20050512071349.18A8AB72BC@anton>
References: <[🔎] 20050512071349.18A8AB72BC@anton>

tags 308757 + pending
thanks

On Thu, May 12, 2005 at 09:13:48AM +0200, Moritz Muehlenhoff wrote:
> Package: kernel-source-2.4.27
> Version: unavailable; reported 2005-05-12
> Severity: grave
> Tags: security patch
> 
> Paul Starzetz has found another flaw in the Linux kernel that can be exploited
> to gain extended local privileges. Please see his detailed advisory at
> http://isec.pl/vulnerabilities/isec-0023-coredump.txt
> 
> Greg Kroah-Hartman has posted a patch for 2.6, which should apply to 2.4 as
> well. It's attached.

I have mangled this fix so it applies to 2.4.27 and committed it to SVN.


-- 
Horms

Reply to:

Follow-Ups:
- Processed: Re: Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
  - From: Moritz Muehlenhoff <muehlenhoff@univention.de>

Prev by Date: Re: Kernel Security Updates for Sarge
Next by Date: Re: Kernel Security Updates for Sarge
Previous by thread: Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
Next by thread: Processed: Re: Bug#308757: CAN-2005-1263: Linux kernel ELF core dump privilege elevation
Index(es):
- Date
- Thread