[Security-team] [Fwd: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability]

[Alexey Borovskoy]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Тема: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability
Дата: 7 Jul 2006 12:18:38 -0000


TITLE:
Linux Kernel "prctl" Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA20953

VERIFY ADVISORY:
http://secunia.com/advisories/20953/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to bypass certain security
restrictions or potentially gain escalated privileges.

The vulnerability is caused due to improper handling of core dumps.
This can be exploited to dump core files into usually restricted
directories or potentially gain root privileges.

SOLUTION:
Update to version 2.6.17.4.
http://www.kernel.org/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Red Hat.

ORIGINAL ADVISORY:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4

- --
Алексей.
GPG key fingerprint
949B BC0E 2C44 7528 4F63  2753 E37A 9E3F 11F3 BDE1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFErxzD43qePxHzveERAsPQAJ4uBpReDD/iWScmJaDt3uFT1hFaOgCfYXds
9k6vLh0iDnCog2a5GVsZWXQ=
=3pbJ
-----END PGP SIGNATURE-----