Linux Kernel Bug in load_elf_library Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1013602
|
|
SecurityTracker URL: http://securitytracker.com/id?1013602
|
|
CVE Reference: CAN-2005-0749
(Links to External Site)
|
Date: Mar 30 2005
|
Impact: Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.4 prior to 2.4.30-rc2; 2.6 prior to 2.6.11.6
|
Description: A vulnerability was reported in the Linux kernel ELF loader. A local user can cause denial of service conditions.
A local user can invoke the load_elf_library to modify 'elf_phdata', causing the wrong memory to be freed.
The flaw resides in '/fs/binfmt_elf.c'.
Yichen Xie discovered this vulnerability.
|
Impact: A local user can cause the kernel to crash.
|
Solution: The vendor has issued a fixed version (2.4.30-rc2, 2.6.11.6), available at:
http://kernel.org/
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause: State error
|
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 30 Mar 2005 00:14:31 -0500
Subject: [none]
|
> CAN-2005-0749 : ELF loader may kfree wrong memory.
--
> Potential DOS in load_elf_library
> Yichen Xie <yxie@cs.stanford.edu> points out that load_elf_library can
> modify `elf_phdata' before freeing it.
>
> CAN-2005-0749 is assigned to this issue.
|
|
