Vulnerability Note VU#628849
ptrace contains vulnerability allowing for local root compromise
Overview
A vulnerability in the Linux 2.2 and 2.4 distributions of ptrace() may permit a local attacker to gain elevated privileges.
Description
The Linux 2.2 and 2.4 kernels contained a flaw in ptrace(). This vulnerability may permit a local user to have the kernel spawn a child process. From the man page: The ptrace system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers. It is primarily used to implement breakpoint debugging and system call tracing. If the kernel is built with modules and kernel module loader enabled and /proc/sys/kernel/modprobe contains the path to a valid executable and ptrace() calls are not blocked, then a local user may be able to exploit this vulnerability to gain root privileges to the system. The CERT/CC has seen active exploitation of this vulnerability. |
Impact
A local user can exploit this vulnerability to gain elevated privileges, typically root. |
Solution
This vulnerability has been resolved in Linux 2.2.25 and 2.4.21. Various vendors have also released advisories and updates. Please see the your vendor's advisory for more details. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Conectiva | Affected | - | 16 Apr 2004 |
| Debian | Affected | - | 16 Apr 2004 |
| Gentoo | Affected | - | 16 Apr 2004 |
| Guardian Digital Inc. | Affected | - | 16 Apr 2004 |
| Linux Kernel Archives | Affected | - | 16 Apr 2004 |
| MandrakeSoft | Affected | - | 16 Apr 2004 |
| Red Hat Inc. | Affected | - | 16 Apr 2004 |
| SCO | Affected | - | 16 Apr 2004 |
| Slackware | Affected | - | 16 Apr 2004 |
| SuSE Inc. | Affected | - | 16 Apr 2004 |
| Trustix | Affected | - | 16 Apr 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
Thanks to Andrzej Szombierski for reporting this vulnerability.
This document was written by Jason A Rafail and is based on information provided by Andrzej Szombierski.
Other Information
- CVE IDs: CAN-2003-0127
- Date Public: 17 Mar 2003
- Date First Published: 16 Apr 2004
- Date Last Updated: 30 Apr 2004
- Severity Metric: 14.25
- Document Revision: 9
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.