Network Security: Detailed info on Re: Linux kernel ELF core dump privilege elevation

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security VulnWatch

[Top] [All Lists]

Re: Linux kernel ELF core dump privilege elevation

from [Greg KH] Network Security

[Permanent Link]

Subject:	Re: Linux kernel ELF core dump privilege elevation
Date:	Wed, 11 May 2005 11:30:46 -0700

On Wed, May 11, 2005 at 11:12:11AM -0700, Greg KH wrote:

On Wed, May 11, 2005 at 01:08:56PM +0200, Paul Starzetz wrote:

Hi,

since it became clear from the discussion in January about the uselib() 
vulnerability, that the Linux community prefers full, non-embargoed 
disclosure of kernel bugs, I release full details right now. However to 
follows at least some of the responsable disclosure rules, no exploit code 
will be 
released. Instead, only a proof-of-concept code is released to demonstrate 
the vulnerability.


<snip>

And here's a patch for 2.6 that is completly untested.  I'll work on
testing it today and if it works, we will release a new 2.6.11.y release
with this fix in it.

thanks,

greg k-h


Subject: possibly fix Linux kernel ELF core dump privilege elevation

As noted by Paul Starzetz

references CAN-something-I-need-to-go-look-up...


CAN-2005-1263  is the correct one.  Sorry for being lazy and not looking
it up right away.

thanks,

greg k-h

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[VulnWatch] Linux kernel ELF core dump privilege elevation, Paul Starzetz Re: Linux kernel ELF core dump privilege elevation, Greg KH Re: Linux kernel ELF core dump privilege elevation, Greg KH <= Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), chris

Previous by Date:	[VulnWatch] Linux kernel ELF core dump privilege elevation, Paul Starzetz
Next by Date:	[Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, David Remahl
Previous by Thread:	Re: Linux kernel ELF core dump privilege elevation, Greg KH
Next by Thread:	Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz
Indexes:	[Date] [Thread] [Top] [All Lists]