Linux Kernel ELF Core Dump Privilege Escalation Vulnerability

Monday, May 16 2005 @ 10:09 AM EDT

Paul Starzetz has reported a vulnerability in the Linux kernel, which can be exploited by malicious local users to gain escalated privileges.

The vulnerability is caused by a signedness error in the core dump function (elf_core_dump()) of the Linux ELF binary format loader and can be exploited to cause a buffer overflow via a specially crafted ELF binary.
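The class of bug named above, a length held in a signed type and checked only against an upper bound, is shown next to a hardened form in this added example. It is not the kernel's code and not taken from the advisory; ARGS_MAX and all function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define ARGS_MAX 80 /* hypothetical destination size, chosen for this example */

/* Flawed: the length is a signed int checked only against an upper bound.
 * If end < start the difference is negative, passes the check, and turns
 * into an enormous count once converted to size_t for a copy routine. */
size_t clamp_signed(long start, long end)
{
    int len = (int)(end - start);
    if (len >= ARGS_MAX)
        len = ARGS_MAX - 1;
    return (size_t)len;
}

/* Hardened: reject an inverted range, then clamp in an unsigned type. */
int clamp_checked(long start, long end, size_t *out)
{
    if (start < 0 || end < start)
        return -1;
    size_t len = (size_t)(end - start);
    if (len >= ARGS_MAX)
        len = ARGS_MAX - 1;
    *out = len;
    return 0;
}

/* Copy at most ARGS_MAX - 1 bytes and NUL-terminate; -1 on a bad range. */
int copy_args(char dst[ARGS_MAX], const char *src, long start, long end)
{
    size_t n;
    if (clamp_checked(start, end, &n) != 0)
        return -1;
    memcpy(dst, src + start, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char src[256], dst[ARGS_MAX];
    memset(src, 'A', sizeof src); /* constructed sample input */
    printf("signed clamp, inverted range: %zu\n", clamp_signed(100, 50));
    printf("checked copy, inverted range: %d\n", copy_args(dst, src, 100, 50));
    printf("checked copy, long range:     %d\n", copy_args(dst, src, 0, 200));
    return 0;
}
```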

Successful exploitation makes it possible to gain root privileges and execute arbitrary code with kernel privileges.

The vulnerability has been reported in versions 2.2 through 2.2.27-rc2, versions 2.4 through 2.4.31-pre1, and versions 2.6 through 2.6.12-rc4.

OPERATING SYSTEM:
Linux Kernel 2.6.x
Linux Kernel 2.4.x
Linux Kernel 2.2.x

SOLUTION:
Update to version 2.6.11.9.
http://kernel.org/

Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Paul Starzetz, iSEC Security Research.

ORIGINAL ADVISORY:
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.9

iSEC Security Research:
http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

VERIFY ADVISORY:
http://secunia.com/advisories/15341/

Secunia Security Advisories
