Category:   OS (Linux)  >   Linux Kernel
Vendors:   kernel.org
Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
SecurityTracker Alert ID:  1008343
SecurityTracker URL:  http://securitytracker.com/id/1008343
CVE Reference:   CVE-2003-0961
Updated:  Dec 3 2003
Original Entry Date:  Dec 1 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4.22 and prior 2.4 kernels
Description:   An input validation vulnerability was reported in the Linux 2.4 kernel. A local user can gain root level privileges.

It is reported that the do_brk() function does not perform proper bounds checking. A local user can run a userland application to cause the kernel to grant the local user access to the full kernel address space. The userland application can create an arbitrary and large virtual memory area, exceeding user accessible memory limits (TASK_SIZE).
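The following C sketch is an added illustration, not code from this advisory or from the kernel source. It models the kind of bounds check the description says is missing, next to a version that rejects a range ending above TASK_SIZE or wrapping around. The `model_` names, the 0xC0000000 limit (32-bit x86 with a 3 GB user space) and the 4 KiB page size are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed for this model: 32-bit x86, 3 GB user space, 4 KiB pages. */
#define MODEL_TASK_SIZE 0xC0000000u
#define MODEL_PAGE_SIZE 0x1000u
#define MODEL_EINVAL    22

struct model_vma { uint32_t start, end; };  /* half-open range [start, end) */

static uint32_t model_page_align(uint32_t len) {
    return (len + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1);
}

/* Before: the area is recorded without comparing its end to the limit. */
int model_brk_unchecked(struct model_vma *v, uint32_t addr, uint32_t len) {
    len = model_page_align(len);
    if (len == 0) return 0;
    v->start = addr;
    v->end = addr + len;   /* may pass MODEL_TASK_SIZE or wrap to a low value */
    return 0;
}

/* After: refuse a range that wraps or ends above the user limit. */
int model_brk_checked(struct model_vma *v, uint32_t addr, uint32_t len) {
    len = model_page_align(len);
    if (len == 0) return 0;
    if (addr + len < addr || addr + len > MODEL_TASK_SIZE)
        return -MODEL_EINVAL;
    v->start = addr;
    v->end = addr + len;
    return 0;
}

/* Nonzero when a recorded area wrapped or extends past the user limit. */
int model_vma_escapes_user(const struct model_vma *v) {
    return v->end < v->start || v->end > MODEL_TASK_SIZE;
}

int main(void) {
    struct model_vma a = {0, 0}, b = {0, 0};
    /* Constructed request: two pages starting one page below the limit. */
    int r1 = model_brk_unchecked(&a, 0xBFFFF000u, 0x2000u);
    int r2 = model_brk_checked(&b, 0xBFFFF000u, 0x2000u);
    printf("unchecked=%d escapes=%d checked=%d\n",
           r1, model_vma_escapes_user(&a), r2);
    return 0;
}
```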

Red Hat reports that an exploit for this flaw has been found in the wild.

Impact:   A local user can gain root privileges.
Solution:   A fixed kernel version (2.4.23) is available.
Vendor URL:  www.kernel.org/
Cause:   Input validation error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 1 2003 (Red Hat Issues Fix for Enterprise Linux) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Red Hat has released a fix for Red Hat Enterprise Linux.
Dec 1 2003 (Debian Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has issued a fix.
Dec 1 2003 (Mandrake Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Mandrake has released a fix.
Dec 2 2003 (Red Hat Issues Fix for RedHat Linux) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Red Hat has released a fix for Red Hat Linux.
Dec 2 2003 (Trustix Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Trustix has released a fix.
Dec 2 2003 (Slackware Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Slackware has issued a fix.
Dec 3 2003 (Turbolinux Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
A fix is available for Turbolinux.
Dec 4 2003 (SuSE Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
SuSE has released a fix.
Dec 4 2003 (Exploit is Available) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Some assembler exploit code is available.
Dec 4 2003 (Gentoo Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Gentoo has released a fix.
Dec 5 2003 (Conectiva Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Conectiva has released a fix.
Dec 19 2003 (Red Hat Issues Fix for IA64 RH Enterprise) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Red Hat has released a fix for Red Hat Enterprise Linux IA64 architecture.
Jan 12 2004 (SmoothWall Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
A fix is available for SmoothWall Express.
Feb 4 2004 (Debian Issues Fix for MIPS) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix for the MIPS architecture.
Feb 18 2004 (Debian Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix.
Feb 18 2004 (Debian Issues Fix for powerpc/apus) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix for the powerpc/apus architecture.
Feb 27 2004 (Debian Issues Fix for MIPS) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix for the mips architecture.
Apr 1 2004 (Debian Issues Fix for HPPA) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix for the hppa architecture.
Apr 2 2004 (VMware Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
VMware has issued a fix for ESX Server.
Apr 6 2004 (Debian Issues Fix for 2.4.18 HPPA) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
Debian has released a fix for the 2.4.18 kernel on the HPPA architecture.



 Source Message Contents

Subject:  CVE-2003-0961


CAN-2003-0961

Red Hat reported:

 > A flaw in bounds checking in the do_brk() function in the Linux kernel
 > versions 2.4.22 and previous can allow a local attacker to gain root
 > privileges.  This issue is known to be exploitable; an exploit has been
 > seen in the wild that takes advantage of this vulnerability.


