SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
4c8c22343a9c6f45ba441423e790535d6fa953e7a4733a9309a92d7c98856860Linux kernel versions 2.6.13 through 2.6.17.4 logrotate prctl() local root exploit.
995ad370e696f5f1c0bc629b380daafcd59b60857f273db6b436e78d3a465c8eLocal root exploit for the linux kernel PRCTL core dump handling vulnerability. Affected kernel versions greater than or equal to 2.6.13 and below version 2.6.17.4. Tested by author on 2.6.9-22.ELsmp.
92e668656e0c087c68b636f708d6eb965aaa9c8931d230c3ee05f332ed21bc18The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and POSSIBLY gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
43b35a03fd56d46107a22c6dd5e1fbf42c693fadd0596f7aaa5fee6249b7f76fLocal root exploit for the linux kernel PRCTL core dump handling vulnerability. Affected kernel versions greater than or equal to 2.6.13 and below version 2.6.17.4.
677603aff112604786b2a169c6c42470daa27928b5f9c17dc183f7ed1be5cd7dUbuntu Security Notice 311-1 - A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS.
7561e7fc801390c8838f1fe27efaf5483ef09bccc24d1fcccab73c2e3b1b9963rPath Security Advisory: 2006-0122-1 - Multiple kernel vulnerabilities have been address in rPath Linux.
f289ce55b2831694808c76e2e3e4b4ebaa36572769a708e68d81845d8e7829e4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed