Linux Kernel IA64 Architecture restore_sigcontext() Access Control Bug May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1014275
|
|
SecurityTracker URL: http://securitytracker.com/id?1014275
|
|
CVE Reference: CVE-2005-1761
(Links to External Site)
|
Updated: Jul 7 2008
|
Original Entry Date: Jun 23 2005
|
Impact: Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.6 prior to 2.6.12.1
|
Description: A vulnerability was reported in the Linux kernel. A local user may be able to gain elevated privileges.
An access control error in the restore_sigcontext() function allows a local user to invoke ptrace to access the AR.RSC register.
IA64-based architectures are affected.
|
Impact: [Editor's note: The impact was not specifically identified but is appears to allow privilege escalation.]
|
Solution: The vendor has released a fixed version (2.6.12.1), available at:
http://www.kernel.org/
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 23 Jun 2005 04:09:14 -0400
Subject: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
|
[PATCH] ia64 ptrace + sigrestore_context (CAN-2005-1761)
This patch fixes handling of accesses to ar.rsc via ptrace &
restore_sigcontext
|
|
