Linux Kernel binfmt_elf Loader Lets Local Users Obtain Root Access

SecurityTracker Alert ID: 1012165
SecurityTracker URL: http://securitytracker.com/id/1012165
CVE Reference: CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074
Updated: Dec 1 2004
Original Entry Date: Nov 10 2004
Impact: Execution of arbitrary code via local system, Root access via local system
Version(s): 2.4 through 2.4.27, 2.6 through 2.6.8

Description:
Several vulnerabilities were reported in the binfmt_elf loader of the Linux kernel. A local user can obtain root privileges on the target system.
Paul Starzetz reported several flaws in how the ELF loader processes set user id (setuid) binaries. These flaws include incorrect return value validation in the load_elf_binary() function, some faulty error handling, and an unterminated string bug in 'binfmt_elf.c', as well as a file-type validation bug in 'exec.c' that allows non-readable ELF binaries to be read.
A local user can exploit these flaws to cause a setuid binary to execute arbitrary code.
The original advisory, including some demonstration exploit code, is available at:
http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
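
The return-value and unterminated-string flaw classes named in the description, shown as an added user-space C illustration (not kernel code and not taken from the advisory). `struct blob`, `blob_read` and both `load_interp_*` functions are hypothetical names, and the example assumes the return-value flaw is of the short-read kind, where only a negative result is treated as failure.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for a file image; blob_read() behaves like pread(). */
struct blob { const unsigned char *data; size_t size; };

static ssize_t blob_read(const struct blob *b, size_t off, void *dst, size_t len)
{
    if (off >= b->size)
        return 0;                        /* EOF: zero bytes, not an error */
    size_t n = (b->size - off < len) ? b->size - off : len;
    memcpy(dst, b->data + off, n);
    return (ssize_t)n;                   /* may be fewer than len bytes */
}

/* Weak pattern: only a negative return counts as failure, so a short read
 * leaves the tail of dst stale and the path string possibly unterminated. */
int load_interp_weak(const struct blob *b, size_t off, size_t len, char *dst)
{
    ssize_t r = blob_read(b, off, dst, len);
    if (r < 0)
        return -1;
    return 0;
}

/* Hardened pattern: demand exactly len bytes and a NUL in the final byte. */
int load_interp_checked(const struct blob *b, size_t off, size_t len, char *dst)
{
    if (len < 2)
        return -1;                       /* no room for a name plus NUL */
    ssize_t r = blob_read(b, off, dst, len);
    if (r < 0 || (size_t)r != len)
        return -1;                       /* short read is an error */
    if (dst[len - 1] != '\0')
        return -1;                       /* unterminated interpreter path */
    return 0;
}

int main(void)
{
    char buf[16];
    struct blob cut = { (const unsigned char *)"/lib/ld.so", 5 }; /* truncated */
    memset(buf, 'A', sizeof buf);        /* stale data a short read leaves behind */
    /* exit status 0 when the weak check accepts and the hardened one rejects */
    return !(load_interp_weak(&cut, 0, 11, buf) == 0 &&
             load_interp_checked(&cut, 0, 11, buf) == -1);
}
```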

Impact:
A local user can execute arbitrary code with setuid privileges to obtain root access on the target system.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.kernel.org/

Cause:
Access control error, Boundary error, Exception handling error, Input validation error