Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Gentoo: GLSA-202302-01 Critical: Kernel Flaw Allows Local Access

gentoo
Calendar Grey December 4, 2003
Dist Gentoo Esm H88
Severe vulnerability detected in Gentoo Linux kernel allows unprivileged users to acquire root permissions, prompting urgent system kernel update.
Lack of proper bounds checking exists in the do_brk() kernel function in Linux kernels prior to 2.4.23

Summary


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-02 - --------------------------------------------------------------------------
GLSA: 200312-02 package: kernel summary: A flaw in the do_brk() function of Linux kernel 2.4.22 and earlier can be exploited by local users or malicious services to gain root privileges. severity: high Gentoo bug: 34844 date: 2003-12-04 CVE: CAN-2003-0961 exploit: local affected: <2.4.22 fixed: >=2.4.23 fixed: >=2.4.22+patches

DESCRIPTION:
Lack of proper bounds checking exists in the do_brk() kernel function in Linux kernels prior to 2.4.23. This bug can be used to give a userland program or malicious service access to the full kernel address space and gain root privileges. This issue is known to be exploitable.
All kernel ebuilds in Portage have been bumped or patched and do not...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround