Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Saturday, January 08, 2005  
Linux Kernel Local Privilege Elevation

This is a local privilege escalation flaw: an attacker needs local access to the server in order to exploit it.

This flaw is present in both the 2.4 kernel and the 2.6 kernel. All 2.4 releases through 2.4.29-pre3 are vulnerable, and all releases of the 2.6 kernel through 2.6.10 are also vulnerable.

A flaw in the binary format loader layer allows a local exploit through the uselib() functions to bypass privileges. Paul Starzetz of ISEC released sample code on January 7th, 2005 to demonstrate this exploit (CAN-2004-1235). K-Otik has also released this code on their web site.

Limiting local users to ones you trust and keeping a close eye on your servers (and their logs) should mitigate this risk until you have patched your servers.

Patch information can be found in this article at Kernel Trap. Further down, the article mentions that the recently released 2.4.29-rc1 and 2.6.10-ac have addressed this issue. It also corrects the initial report that 2.4.29-rc1 and rc2 were affected, which turns out to be false. It appears from this Debian bug report that a fix is pending there. Quick searches did not turn up fixes for other distros, so those fixes are either pending or in testing.

Update (1-10-2004): The Kernel Trap discussion includes patches for both the 2.4 and 2.6 kernels; however, these are developer patches for rebuilding the kernel.
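The version ranges above can be turned into a triage check over `uname -r` strings collected from your servers. This is an added example, not code from the original post; the function name `classify`, the result labels, and the treatment of upstream 2.6.11 and later as fixed are assumptions.

```python
import re

# Upstream bounds taken from the post. Position = (patch, stage, n), where
# stage orders pre-releases before the final release: preN < rcN < final.
PRE, RC, FINAL = 0, 1, 2
LAST_AFFECTED = {(2, 4): (29, PRE, 3),      # "through 2.4.29-pre3"
                 (2, 6): (10, FINAL, 0)}    # "through 2.6.10"
FIRST_FIXED = {(2, 4): (29, RC, 1),         # 2.4.29-rc1 named as fixed
               (2, 6): (11, PRE, 0)}        # assumption: any 2.6.11+ upstream

_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$")
_PRERELEASE = re.compile(r"^(pre|rc)(\d+)$")


def classify(release):
    """Map a `uname -r` string to affected / fixed / verify / not-covered."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "verify"
    series = (int(m.group(1)), int(m.group(2)))
    patch, suffix = int(m.group(3)), m.group(4)
    if series not in LAST_AFFECTED:
        return "not-covered"            # the post only speaks about 2.4 and 2.6
    if suffix is None:
        pos = (patch, FINAL, 0)
    else:
        pre = _PRERELEASE.match(suffix)
        if not pre:
            # Vendor or -ac build: fixes may be backported, and the post gives
            # no -ac patch number, so the string alone cannot decide.
            return "verify"
        pos = (patch, PRE if pre.group(1) == "pre" else RC, int(pre.group(2)))
    if pos <= LAST_AFFECTED[series]:
        return "affected"
    if pos >= FIRST_FIXED[series]:
        return "fixed"
    return "verify"


if __name__ == "__main__":
    # Constructed inventory of release strings, not taken from real hosts.
    for rel in ["2.4.28", "2.4.29-pre3", "2.4.29-rc1", "2.6.10",
                "2.6.9-rc2", "2.6.10-ac8", "2.6.8-2-686", "2.2.26"]:
        print(f"{rel:14} {classify(rel)}")
```

A `verify` result means the release string alone is not enough: check the distribution's advisory or the package changelog for that kernel.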

posted by David | 1/08/2005 05:59:00 PM

