SecurityTracker.com
Category:  OS (Linux)  >  Linux Kernel
Vendors:  kernel.org
Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
SecurityTracker Alert ID:  1008343
CVE Reference:  CAN-2003-0961
Updated:  Dec 3 2003
Original Entry Date:  Dec 1 2003
Impact:  Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4.22 and prior 2.4 kernels
Description:  An input validation vulnerability was reported in the Linux 2.4 kernel. A local user can gain root-level privileges.

It is reported that the do_brk() function does not perform proper bounds checking. A local user can run a userland application to cause the kernel to grant the local user access to the full kernel address space. The userland application can create an arbitrary and large virtual memory area, exceeding user accessible memory limits (TASK_SIZE).
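
The missing check described above, shown as an added user-space model (not kernel source and not part of the original advisory): a request is accepted only if the page-aligned area neither wraps around nor ends above TASK_SIZE. The function names, the 32-bit address width, the 4 KiB page size and the 3 GiB TASK_SIZE value are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions: 32-bit addresses, 4 KiB pages, user space ends at 3 GiB. */
#define TASK_SIZE 0xC0000000u
#define PAGE_SIZE 0x1000u
#define PAGE_ALIGN(x) (((x) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))

/* Flawed model: accepts any request and reports where the area would end. */
int brk_unchecked(uint32_t addr, uint32_t len, uint32_t *end)
{
    *end = addr + PAGE_ALIGN(len);      /* may wrap or pass TASK_SIZE */
    return 0;
}

/* Hardened model: validate the range before any area is created. */
int brk_checked(uint32_t addr, uint32_t len, uint32_t *end)
{
    uint32_t aligned = PAGE_ALIGN(len);

    if (aligned < len)                  /* page rounding wrapped to a small value */
        return -EINVAL;
    if (addr + aligned < addr)          /* addr + len wrapped past 2^32 */
        return -EINVAL;
    if (addr + aligned > TASK_SIZE)     /* area would reach kernel addresses */
        return -EINVAL;
    *end = addr + aligned;
    return 0;
}

int main(void)
{
    /* Constructed sample requests: {start address, length}. */
    uint32_t req[][2] = {
        {0x08100000u, 0x00010000u},     /* ordinary heap growth */
        {0xBFFFF000u, 0x00002000u},     /* ends one page above TASK_SIZE */
        {0xBFFFF000u, 0x50000000u},     /* wraps around 2^32 */
    };
    for (unsigned i = 0; i < 3; i++) {
        uint32_t e1 = 0, e2 = 0;
        int r1 = brk_unchecked(req[i][0], req[i][1], &e1);
        int r2 = brk_checked(req[i][0], req[i][1], &e2);
        printf("addr=%08x len=%08x unchecked=%d end=%08x checked=%d\n",
               (unsigned)req[i][0], (unsigned)req[i][1], r1, (unsigned)e1, r2);
    }
    return 0;
}
```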

Red Hat reports that an exploit for this flaw has been found in the wild.

Impact:  A local user can gain root privileges.
Solution:  A fixed kernel version (2.4.23) is available.
Vendor URL:  www.kernel.org/
Cause:  Input validation error
Underlying OS:  Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Xandros)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 1 2003 (Red Hat Issues Fix for Enterprise Linux) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux.
Dec 1 2003 (Debian Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (debian-security-announce@lists.debian.org)
Debian has issued a fix.
Dec 1 2003 (Mandrake Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Dec 2 2003 (Red Hat Issues Fix for RedHat Linux) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Linux.
Dec 2 2003 (Trustix Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Dec 2 2003 (Slackware Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Slackware Security Team <security@slackware.com>)
Slackware has issued a fix.
Dec 3 2003 (Turbolinux Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Turbolinux <security-announce@turbolinux.co.jp>)
A fix is available for Turbolinux.
Dec 4 2003 (SuSE Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Olaf Kirch <okir@suse.de>)
SuSE has released a fix.
Dec 4 2003 (Exploit is Available) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Julien TINNES <julien@cr0.org>)
Some assembler exploit code is available.
Dec 4 2003 (Gentoo Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Rajiv Aaron Manglani <rajiv@gentoo.org>)
Gentoo has released a fix.
Dec 5 2003 (Conectiva Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Dec 19 2003 (Red Hat Issues Fix for IA64 RH Enterprise) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux IA64 architecture.
Jan 12 2004 (SmoothWall Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (William Anderson <neuro@smoothwall.org>)
A fix is available for SmoothWall Express.
Feb 4 2004 (Debian Issues Fix for MIPS) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the MIPS architecture.
Feb 18 2004 (Debian Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Feb 18 2004 (Debian Issues Fix for powerpc/apus) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the powerpc/apus architecture.
Feb 27 2004 (Debian Issues Fix for MIPS) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the mips architecture.
Apr 1 2004 (Debian Issues Fix for HPPA) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the hppa architecture.
Apr 2 2004 (VMware Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
VMware has issued a fix for ESX Server.
Apr 6 2004 (Debian Issues Fix for 2.4.18 HPPA) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for the 2.4.18 kernel on the HPPA architecture.



 Source Message Contents

Date:  Mon, 01 Dec 2003 14:35:39 -0500
Subject:  CAN-2003-0961

 

CAN-2003-0961

Red Hat reported:

 > A flaw in bounds checking in the do_brk() function in the Linux kernel
 > versions 2.4.22 and previous can allow a local attacker to gain root
 > privileges.  This issue is known to be exploitable; an exploit has been
 > seen in the wild that takes advantage of this vulnerability.



 



Copyright 2004, SecurityGlobal.net LLC