Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Linux 'lockdev' May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1007332
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 29 2003
|
Impact: Execution of arbitrary code via local system, User access via local system
|
Description: A vulnerability was reported in lockdev. A local user may be able to obtain elevated privileges on the system.
0x333 Outsiders Security Labs reported that there is a buffer overflow in the 'setup.c' file. A local user can cause a segmentation
fault.
The report did not confirm that code execution is possible. According to the report, the application may be installed
with set group id (setgid) 'lock' group privileges. If code execution is possible, a local user can gain 'lock' group privileges.
|
Impact: A local user may be able to execute arbitrary code with 'lock' group privileges (however, code execution was not confirmed in the report).
|
Solution: No solution was available at the time of this entry.
|
Cause: Boundary error
|
Underlying OS: Linux (Caldera), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandrake), Linux (Progeny Debian), Linux (Red Hat), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Xandros)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|
