SecurityTeam US - Linux Kernel ELF Core Dump Privilege Escalation Vulnerability


	Contribute : Advanced Search : Web Resources : Polls : File Repository

Poll
What would you like to see on SecurityTeamUS? More News Product Reviews HowTo's Custom RPM/Packages/Tools Other (Please leave comment) Results 96 votes \| 0 comments

Topics
Home Apache Apple Application Software Cisco Systems Database Servers Internet Explorer Linux Macromedia Microsoft Mozilla/Firefox Phishing/ID Theft Real Networks Security News Sun Microsystems Web Appliances/Devices Web Scripts Wi-Fi

Virus Alerts
17 Apr 2011 Troj/Mdrop-DKE 17 Apr 2011 Troj/Sasfis-O 17 Apr 2011 Troj/Keygen-FU 17 Apr 2011 Troj/Zbot-AOY 17 Apr 2011 Troj/Zbot-AOW 17 Apr 2011 W32/Womble-E 17 Apr 2011 Troj/VB-FGD 17 Apr 2011 Troj/FakeAV-DFF 17 Apr 2011 Troj/SWFLdr-W 17 Apr 2011 W32/RorpiaMem-A

Events
There are no upcoming events

Welcome to SecurityTeam US
Monday, February 06 2012 @ 11:35 AM EST

Linux Kernel ELF Core Dump Privilege Escalation Vulnerability

Monday, May 16 2005 @ 10:09 AM EDT

Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a signedness error in the Linux ELF binary format loader's core dump function (elf_core_dump()) and can be exploited to cause a buffer overflow via a specially crafted ELF binary.

Successful exploitation makes it possible to gain root privileges and execute arbitrary code with kernel privileges.

The vulnerability has been reported in versions 2.2 through 2.2.27-rc2, versions 2.4 through 2.4.31-pre1, and versions 2.6 through 2.6.12-rc4.

OPERATING SYSTEM:
Linux Kernel 2.6.x
Linux Kernel 2.4.x
Linux Kernel 2.2.x

SOLUTION:
Update to version 2.6.11.9.
http://kernel.org/

Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Paul Starzetz, iSEC Security Research.

ORIGINAL ADVISORY:
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.9

iSEC Security Research:
http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

VERIFY ADVISORY:
http://secunia.com/advisories/15341/

Secunia Security Advisories

What's Related
http://kernel.org/ http://kernel.org/pub/l... http://www.isec.pl/vuln... http://secunia.com/advi... More from Linux

Story Options
Mail Story to a Friend Printable Story Format

Linux Kernel ELF Core Dump Privilege Escalation Vulnerability | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Dedicated Servers
Created this page in 0.18 seconds