Title: Linux Kernel /proc/self/environ prctl Race Condition Local Privilege Escalation
Info
Dates
Disclosure: Jul 17, 2006
Discovery: Unknown
Exploit: Jul 17, 2006
Solution: Unknown
Description
The Linux kernel contains a flaw that may allow local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. The issue is triggered by a race condition that occurs in '/proc' when changing file status. This flaw may lead to a loss of integrity.
Classification
Location: Local Access Required
Attack Type: Information Disclosure, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
Solution
Upgrade to version 2.6.17.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.