Linux Kernel ptrace() Function Lets Local Users Modify Kernel Memory
|
|
SecurityTracker Alert ID: 1014305
|
|
SecurityTracker URL: http://securitytracker.com/id?1014305
|
|
CVE Reference: CAN-2005-1763
(Links to External Site)
|
Date: Jun 27 2005
|
Impact: Denial of service via local system, Modification of system information, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.6
|
Description: A vulnerability was reported in the Linux kernel in the ptrace() function. A local user can write to kernel memory.
A buffer overflow may allow a local user to write "a few bytes" to kernel memory.
|
Impact: A local user may be able to cause denial of service conditions or gain elevated privileges.
|
Solution: The vendor has issued a fix.
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 27 Jun 2005 10:28:11 -0400
Subject: [none]
|
SUSE reported:
> an overflow in the x86-64 ptrace code allowed local users to
> write a few bytes into kernel memory pages they normally
> shouldn't have access to (CAN-2005-1763).
|
|
