
CERT Coordination Center

Linux kernel do_brk() function contains integer overflow

Vulnerability Note VU#301156

Original Release Date: 2003-12-02 | Last Revised: 2003-12-02

Overview

A vulnerability in the Linux kernel may permit a local user to gain elevated privileges.

Description

Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call (do_brk() function). This vulnerability may be exploited by a local user to gain elevated or root privileges.

An exploit for this vulnerability exists, and has been used to compromise systems.

Impact

A local user on the system can exploit this vulnerability to gain access to the kernel address space and gain elevated privileges.

Solution

This vulnerability has been resolved in version 2.4.23 for the 2.4 kernel tree, and in the 2.6.0-test6 kernel tree. Please check the "Systems Affected" section for vendor-specific releases.
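
The version comparison implied by the Solution above, as an added shell example that is not part of the original CERT note. The function name classify_release and its result words are hypothetical; it judges the release number only, so a vendor kernel with a backported fix is reported as check-vendor rather than affected.

```shell
#!/bin/sh
# Added example: classify a kernel release string (as printed by `uname -r`)
# against the fixed versions named in VU#301156 (2.4.23 and 2.6.0-test6).
# classify_release and its result words are hypothetical names.
classify_release() {
    rel=$1
    base=${rel%%-*}            # "2.4.20" from "2.4.20-24.9"
    tag=${rel#"$base"}         # "" or "-24.9", "-test5", "-pre3"
    major=$(printf '%s\n' "$base" | cut -d. -f1)
    minor=$(printf '%s\n' "$base" | cut -d. -f2)
    patch=$(printf '%s\n' "$base" | cut -d. -f3)
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    verdict=fixed
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 4 ]; }; then
        verdict=affected       # "prior to 2.4.23" per the Description
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 4 ]; then
        if [ "$patch" -lt 23 ]; then verdict=affected; fi
        # A pre-release of 2.4.23 is not the release the note names as fixed.
        if [ "$patch" -eq 23 ]; then
            case $tag in -pre*|-rc*) verdict=unknown ;; esac
        fi
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 5 ]; then
        verdict=unknown        # the note names no fixed 2.5 release
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$patch" -eq 0 ]; then
        case $tag in
            -test[0-9]*)
                t=${tag#-test}; t=${t%%[!0-9]*}
                if [ "$t" -lt 6 ]; then verdict=affected; fi ;;
        esac
    fi
    # A vendor suffix on an affected base version may hide a backported fix.
    if [ "$verdict" = affected ]; then
        case $tag in
            ''|-pre*|-rc*|-test*) ;;
            *) verdict=check-vendor ;;
        esac
    fi
    echo "$verdict"
}

# Report on the running kernel when executed directly.
classify_release "$(uname -r)"
```

A check-vendor result means the answer is in the vendor's advisory, listed per vendor below, not in the version number.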

Vendor Information


Astaro

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Astaro Security Posting at http://www.astaro.org/showflat.php?Cat=&Number=33179&page=0&view=collapsed&sb=5&o=&fpart=1

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Debian Security Advisory at http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html


LINUX

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Version 2.4.23 is available at http://kernel.org/


MandrakeSoft

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the MandrakeSoft Advisory at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110


Red Hat Inc.

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Red Hat Advisory at http://rhn.redhat.com/errata/RHSA-2003-392.html


Slackware

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Slackware Security Advisory at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.718266


Trustix

Updated:  December 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the Trustix Security Advisory at http://www.trustix.org/errata/misc/2003/TSL-2003-0046-kernel.asc.txt



CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Credit

Thanks to Wichert Akkerman for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2003-0961
Severity Metric: 23.63
Date Public: 2003-12-01
Date First Published: 2003-12-02
Date Last Updated: 2003-12-02 20:03 UTC
Document Revision: 9

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.