Vulnerability Note VU#176888
Linux kernel contains race condition via ptrace/procfs/execve
Unprivileged local users can use the ptrace function to take advantage of a privileged program, while that program is performing a privileged operation, to gain privileged access.
Ptrace is a function, which is often used for debugging, that allows one process to attach to another and monitor or modify its execution state and memory. This vulnerability exploits a race condition that allows an attacker to use ptrace, or similar function (procfs), to attach to and, thus, modify a running setuid process. This enables the attacker to execute arbitratry code with elevated (root) privilege. Linux kernel version 2.2.18 or before are vulnerable to this flaw. Any Linux product that is dependent on this kernel is, therefore, vulnerable.
Unprivileged local users can gain privileged (root) access.
Upgrade the Linux kernel to version 2.2.19 or later. The release notes for Linux 2.2.19 at http://www.linux.org.uk/VERSION/relnotes.2219.html describe the security fix. For users of specific Linux vendors, use the vendor-specific upgrades for convenience and consistency.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Caldera||Affected||03 Apr 2001||20 May 2002|
|Conectiva||Affected||19 Apr 2001||20 May 2002|
|Debian||Affected||16 Apr 2001||20 May 2002|
|Immunix||Affected||26 Mar 2001||20 May 2002|
|MandrakeSoft||Affected||17 Apr 2001||20 May 2002|
|NetBSD||Affected||15 Jun 2001||20 May 2002|
|Progency Linux Systems||Affected||10 Apr 2001||20 May 2002|
|Red Hat||Affected||10 Apr 2001||20 May 2002|
|SuSE||Affected||17 May 2001||20 May 2002|
|Trustix||Affected||05 Apr 2001||20 May 2002|
|Slackware||Unknown||-||20 May 2002|
CVSS Metrics (Learn More)
Thanks to Wojciech Purczynski for discovering this vulnerability.
This document was written by Andrew P. Moore.
- CVE IDs: CVE-2001-0317
- Date Public: 26 Mar 2001
- Date First Published: 18 Jul 2001
- Date Last Updated: 20 May 2002
- Severity Metric: 25.99
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.