merge 308724 308634
thanks

On Wed, May 11, 2005 at 07:40:15PM +0300, Samuli Suominen wrote:
> Package: kernel-source-2.6.8
> Severity: grave
> Justification: user security hole
>
>
> A locally exploitable flaw has been found in the Linux ELF binary format
> loader's core dump function that allows local users to gain root
> privileges and also execute arbitrary code at kernel privilege level.
>
> Version: 2.2 up to and including 2.2.27-rc2, 2.4 up to and including
> 2.4.31-pre1, 2.6 up to and including 2.6.12-rc4
>
> Exploit, and further information:
> http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
>
> -- System Information:
> Debian Release: 3.1
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.12-rc4-optimized
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

On Wed, May 11, 2005 at 03:08:38PM -0400, Andres Salomon wrote:
> On Wed, 11 May 2005 19:40:15 +0300, Samuli Suominen wrote:
>
> > Package: kernel-source-2.6.8
> > Severity: grave
> > Justification: user security hole
> >
> >
> > A locally exploitable flaw has been found in the Linux ELF binary format
> > loader's core dump function that allows local users to gain root
> > privileges and also execute arbitrary code at kernel privilege level.
> >
> > Version: 2.2 up to and including 2.2.27-rc2, 2.4 up to and including
> > 2.4.31-pre1, 2.6 up to and including 2.6.12-rc4
> >
> > Exploit, and further information:
> > http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt
> >
>
> Rumor has it, this is CAN-2005-1263.
> I'll commit the patch
> (http://mouth.voxel.net/~dilinger/core_dump_vul.patch) to svn once I'm
> someplace that I can actually log in..

On Wed, May 11, 2005 at 08:59:18PM -0400, Justin Pryzby wrote:
> Package: kernel-source-2.6.8
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.9
>
> The relevant changes for this CAN appear to be solely in
> ./fs/binfmt_elf.c.
>
> There is also a memset in ./drivers/char/drm/drm_ioctl.c which should
> probably be added, among lots of other should-be-fixed things.

I am going to work on getting this fix into 2.6.8 and 2.4.27.

--
Horms