SecurityTracker.com
Category:   OS (Linux)  >   Linux Kernel
Vendors:   Caldera/SCO, Conectiva, Debian, EnGarde, Gentoo, HPE, Immunix, Mandriva/Mandrake, Progeny, Red Hat, Slackware, Sun, SuSE, Trustix, TurboLinux, Xandros
Linux Kernel 2.2 and 2.4 Bugs May Allow Local Users to Gain Root Privileges
SecurityTracker Alert ID:  1005445
SecurityTracker URL:  http://securitytracker.com/id/1005445
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 17 2002
Impact:   Execution of arbitrary code via local system, Modification of system information, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.2, 2.4
Description:   Several vulnerabilities were reported in the Linux Kernel (both the 2.2 and 2.4 branches). A local user may be able to gain root privileges on the system.

According to a report from Red Hat, vulnerabilities were found in kernel version 2.4 in the ixj telephony card driver, the pcilynx firewire driver, and the bttv video capture card driver.

Red Hat credits Silvio Cesare for finding these flaws.

Flaws were also found in the 2.2 kernel, involving sign handling, math overflow, and casting errors.

No further details were available at the time of this entry.

Impact:   A local user may be able to gain root privileges on the system.
Solution:   Fixed versions (2.2.22 and prepatch 2.4.20-pre11) are available at:

http://www.kernel.org/

Vendor URL:  kernel.org/
Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(EnGarde Issues Fix) Linux Kernel 2.2 and 2.4 Bugs May Allow Local Users to Gain Root Privileges
EnGarde has released a fix.



 Source Message Contents

Subject:  Local Linux Kernel Flaws


Red Hat reported that the Linux kernel versions 2.2 and 2.4 contain several potential
security vulnerabilities that may allow local users to gain root privileges.

According to Red Hat, vulnerabilities were found in kernel version 2.4 in the ixj
telephony card driver, the pcilynx firewire driver, and the bttv video capture card
driver.

Red Hat credits Silvio Cesare for finding these flaws.

Red Hat also notes that flaws were found in the 2.2 kernel.

From kernel.org changelog (2.2.22 Release Notes):

-	Multiple numbers of potential sign handling, maths overflow and
	casting errors were fixed. Some of them are theoretically locally
	exploitable. No remote holes were found.



 
 


Copyright 2020, SecurityGlobal.net LLC