Title: Linux Kernel CIFS SMB Mount Traversal chroot Restriction Bypass
Dates
Disclosure: Apr 19, 2006
Discovery: Unknown
Exploit: Apr 19, 2006
Solution: Unknown
Description
The Linux Kernel contains a flaw that may allow a malicious user to escape a chroot environment. The issue is triggered when a user attempts to change to a working directory outside a chroot environment in a CIFS file system using a double backslash, e.g. 'cd ..\\'. It is possible that the flaw may allow unauthorised access to file system resources, resulting in a loss of confidentiality and/or integrity.
Classification
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
Solution
Upgrade to version 2.6.16.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
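
A host audit for the condition described above, added here as an example and not part of the original advisory: it flags a system whose kernel release is lower than 2.6.16.11 and which has a CIFS file system mounted. The function names and the sample mount table are constructed for illustration, and the check assumes upstream version numbering, so a distribution kernel that backported the fix under an older version string will still be flagged and needs manual confirmation.

```shell
#!/bin/sh
# Added example: flag hosts that run a kernel older than the fixed version
# named in the Solution field and that have a CIFS file system mounted.
FIXED="2.6.16.11"

# ver_lt A B: succeed when dotted version A is lower than B.
# Anything after the first '-' (a distribution suffix) is ignored.
ver_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # keep leading digits only
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1                                  # versions are equal
}

# cifs_mounts [FILE]: print mount points whose file system type is cifs.
# FILE uses the /proc/mounts layout: device, mount point, type, options.
cifs_mounts() {
    awk '$3 == "cifs" { print $2 }' "${1:-/proc/mounts}"
}

# needs_review RELEASE MOUNTS_FILE: succeed when both conditions hold.
needs_review() {
    ver_lt "$1" "$FIXED" && [ -n "$(cifs_mounts "$2")" ]
}

# Constructed sample mount table (not taken from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw 0 0
//fileserver/share /srv/jail/mnt cifs rw 0 0
EOF

if needs_review "2.6.16.9-1-686" "$SAMPLE"; then
    echo "review: kernel older than $FIXED with CIFS mounted at:"
    cifs_mounts "$SAMPLE"
fi
rm -f "$SAMPLE"
```

On a live system, call `needs_review "$(uname -r)" /proc/mounts`.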