Vulnerability Note VU#301156

Linux kernel do_brk() function contains integer overflow

Original Release date: 02 Dec 2003 | Last revised: 02 Dec 2003

Overview

A vulnerability in the Linux kernel may permit a local user to gain elevated privileges.

Description

Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call (do_brk() function). This vulnerability may be exploited by a local user to gain elevated or root privileges.

An exploit for this vulnerability exists, and has been used to compromise systems.

Impact

A local user on the system can exploit this vulnerability to gain access to the kernel address space and gain elevated privileges.

Solution

This vulnerability has been resolved in version 2.4.23 of the 2.4 kernel tree and in the 2.6.0-test6 kernel tree. Please check the "Systems Affected" section for vendor-specific releases.

Systems Affected

Vendor          Status      Date Notified   Date Updated
Astaro          Affected    -               02 Dec 2003
Debian          Affected    -               02 Dec 2003
LINUX           Affected    -               02 Dec 2003
MandrakeSoft    Affected    -               02 Dec 2003
Red Hat Inc.    Affected    -               02 Dec 2003
Slackware       Affected    -               02 Dec 2003
Trustix         Affected    -               02 Dec 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

Credit

Thanks to Wichert Akkerman for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

  • CVE IDs: CAN-2003-0961
  • Date Public: 01 Dec 2003
  • Date First Published: 02 Dec 2003
  • Date Last Updated: 02 Dec 2003
  • Severity Metric: 23.62
  • Document Revision: 9
