Vulnerability Note VU#301156

Linux kernel do_brk() function contains integer overflow

Overview

A vulnerability in the linux kernel may permit a local user to gain elevated privileges.

I. Description

Versions of the Linux kernel prior to 2.4.23 an integer overflow vulnerability in the brk system call (do_brk() function). This vulnerability may be exploited by a local user to gain elevated or root privileges.

An exploit for this vulnerability exists, and has been used to compromise systems.

II. Impact

A local user on the system can exploit this vulnerability to gain access to the kernel address space and gain elevated privileges.

III. Solution

This vulnerability has been resolved in versions 2.4.23 for the 2.4 kernel tree, and the 2.6.0-test6 kernel tree. Please check the "Systems Affected" section for vendor-specific releases.

Systems Affected

Vendor	Status	Date Notified
Astaro	Vulnerable	2-Dec-2003
Debian	Vulnerable	2-Dec-2003
LINUX	Vulnerable	2-Dec-2003
MandrakeSoft	Vulnerable	2-Dec-2003
Red Hat Inc.	Vulnerable	2-Dec-2003
Slackware	Vulnerable	2-Dec-2003
Trustix	Vulnerable	2-Dec-2003

References

http://www.secunia.com/advisories/10328/
http://www.secunia.com/advisories/10329/
http://www.secunia.com/advisories/10333/
http://www.secunia.com/advisories/10330/
http://www.secunia.com/advisories/10338/

Credit

Thanks to Wichert Akkerman for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public:	2003-12-01
Date First Published:	2003-12-02
Date Last Updated:	2003-12-02
CERT Advisory:
CVE-ID(s):	CAN-2003-0961
NVD-ID(s):	CAN-2003-0961
US-CERT Technical Alerts:
Metric:	23.62
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader