kernel: local root exploit in 2.4.22

Package(s): kernel
CVE #(s): CAN-2003-0961
Created: December 1, 2003
Updated: April 5, 2004
Description: A vulnerability was discovered in Linux kernel version 2.4.22 and earlier. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable.

The 2.4.23 kernel contains the fix. For more details on how this vulnerability works, see this LWN article.

Alerts:
Debian DSA-475-1 2004-04-05
Debian DSA-470-1 2004-04-01
Debian DSA-442-1 2004-02-19
Debian DSA-433-1 2004-02-04
Debian DSA-423-1 2004-01-15
Red Hat RHSA-2003:368-01 2003-12-19
Conectiva CLA-2003:796 2003-12-05
Gentoo 200312-02 2003-12-04
SuSE SuSE-SA:2003:049 2003-12-04
Yellow Dog YDU-20031203-1 2003-12-03
Red Hat RHSA-2003:389-01 2003-12-01
Fedora FEDORA-2003-026 2003-12-02
Slackware SSA:2003-336-01 2003-12-01
Red Hat RHSA-2003:392-00 2003-12-01
Trustix 2003-0046 2003-12-01
Mandrake MDKSA-2003:110 2003-12-01
Debian DSA-403-1 2003-12-01

kernel: local root exploit in 2.4.22

Posted Dec 4, 2003 2:50 UTC (Thu) by kit (guest, #4609)

Correction, the Fedora advisory is for another issue unrelated to do_brk(). While the timing is similar, the changelog in the linked advisory shows this is the case.

See comment from Red Hat employee here:

http://www.redhat.com/archives/fedora-list/2003-December/msg00484.html

"2.4.22-1.2115.nptl kernel in FC1 is not vulnerable to this issue.
See linux-2.4.18-smallpatches.patch patch in
kernel-2.4.22-1.2115.nptl.src.rpm (mm/mmap.c change)."

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds