Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (Linux)  >   lockdev Vendors:   Polacco, Fabrizio
Linux 'lockdev' May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1007332
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 29 2003
Impact:   Execution of arbitrary code via local system, User access via local system

Description:   A vulnerability was reported in lockdev. A local user may be able to obtain elevated privileges on the system.

0x333 Outsiders Security Labs reported that there is a buffer overflow in the 'setup.c' file. A local user can cause a segmentation fault.

The report did not confirm that code execution is possible. According to the report, the application may be installed with set group id (setgid) 'lock' group privileges. If code execution is possible, a local user can gain 'lock' group privileges.

Impact:   A local user may be able to execute arbitrary code with 'lock' group privileges (however, code execution was not confirmed in the report).
Solution:   No solution was available at the time of this entry.
Cause:   Boundary error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC