
Debian DSA 358-1 High: Kernel Issues Affecting Local And Remote Access

August 1, 2003
Several vulnerabilities in the Debian kernel have been discovered and resolved, requiring immediate security patches. Act swiftly.

Summary

A number of vulnerabilities have been discovered in the Linux kernel.

- CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the
  exact number of characters used in serial links, which could allow
  local users to obtain potentially sensitive information such as the
  length of passwords. This bug has been fixed by restricting access
  to /proc/tty/driver/serial.

- CAN-2003-0462: A race condition in the way env_start and env_end
  pointers are initialized in the execve system call and used in
  fs/proc/base.c on Linux 2.4 allows local users to cause a denial of
  service (crash).

- CAN-2003-0476: The execve system call in Linux 2.4.x records the
  file descriptor of the executable process in the file table of the
  calling process, which allows local users to gain read access to
  restricted file descriptors.

- CAN-2003-0501: The /proc filesystem in Linux allows local users to
  obtain sensitive information by opening various entries in
  /proc/self before executing a setuid prog...


Severity
critical

Package: linux-kernel-i386, linux-kernel-alpha
