(VMware Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
|
|
SecurityTracker Alert ID: 1009636 |
|
SecurityTracker URL: http://securitytracker.com/id/1009636
|
|
CVE Reference:
CAN-2003-0961
(Links to External Site)
|
Date: Apr 2 2004
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): ESX Server 1.5.2, 2.0, and 2.0.1
|
Description:
An input validation vulnerability was reported in the Linux 2.4 kernel. A local user can gain root level privileges.
It is reported that the do_brk() function does not perform proper bounds checking. A local user can run a userland application to cause the kernel to grant the local user access to the full kernel address space. The userland application can create an arbitrary and large virtual memory area, exceeding user accessible memory limits (TASK_SIZE).
Red Hat reports that an exploit for this flaw has been found in the wild.
|
Impact:
A local user can gain root privileges.
|
Solution:
VMware issued a security update for ESX Server 1.5.2, 2.0, and 2.0.1.
For ESX Server 2.0.1:
http://www.vmware.com/download/esx/esx201-7427update.html
For ESX Server 2:
http://www.vmware.com/download/esx/esx20-7483update.html
For ESX Server 1.5.2 patch 5:
http://www.vmware.com/download/esx/esx152-7428update.html
|
Cause:
Input validation error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 01 Apr 2004 20:34:55 -0500
Subject: VMware security update
|
VMware issued a security update for ESX Server 1.5.2, 2.0, and 2.0.1 regarding CVE entries
CAN-2004-0077, CAN-2003-0961, and CAN-2003-0985.
For ESX Server 2.0.1:
http://www.vmware.com/download/esx/esx201-7427update.html
For ESX Server 2:
http://www.vmware.com/download/esx/esx20-7483update.html
For ESX Server 1.5.2 patch 5:
http://www.vmware.com/download/esx/esx152-7428update.html
|
|
