Vulnerability Note VU#337238

Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode

Original Release date: 20 Jan 2004 | Last revised: 20 Jan 2004

Overview

Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges.

Description

The Linux kernel handles the basic functionality of the operating system. There is a vulnerability in the checking of eflags when in 32-bit ptrace emulation mode allowing a local user to gain elevated or root privileges. This vulnerability is reported to only affect kernels built for the AMD64 architecture.

Impact

A local user could gain elevated or root privileges.

Solution

Upgrade or Apply Patch
Upgrade or apply patch as specified by your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Red Hat Inc.Affected-20 Jan 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Red Hat Inc. for the information contained in their advisory.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0001
  • Date Public: 16 Jan 2004
  • Date First Published: 20 Jan 2004
  • Date Last Updated: 20 Jan 2004
  • Severity Metric: 2.95
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.