A vulnerability in the Linux kernel may permit a local user to gain elevated privileges.
Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call (do_brk() function). This vulnerability may be exploited by a local user to gain elevated or root privileges.
An exploit for this vulnerability exists, and has been used to compromise systems.
A local user on the system can exploit this vulnerability to gain access to the kernel address space and gain elevated privileges.
This vulnerability has been resolved in version 2.4.23 of the 2.4 kernel tree and in the 2.6.0-test6 kernel tree. Please check the "Systems Affected" section for vendor-specific releases.
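The following shell function is an added example, not part of the original note. It classifies a kernel release string (as printed by `uname -r`) against the two fixed versions named above. The function name `brk_status` and its result labels are hypothetical, and it assumes 2.6.0-test releases before test6 are affected and that a suffixed 2.4 release is a vendor build that may carry a backported fix.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed versions
# named in this note (2.4.23 and 2.6.0-test6).
# Prints one of: affected | fixed | check-vendor | unknown
brk_status() {
    rel=$1
    base=${rel%%-*}                 # "2.4.20-8" -> "2.4.20"
    suffix=
    case $rel in *-*) suffix=${rel#*-} ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}              # drop a fourth component if present
    # Reject anything that is not MAJOR.MINOR.PATCH with numeric parts.
    case $base in *.*.*) ;; *) echo unknown; return 0 ;; esac
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ]; then
        if [ "$patch" -gt 23 ]; then echo fixed
        elif [ "$patch" -eq 23 ]; then
            # The note does not say which 2.4.23 prerelease received the fix.
            case $suffix in pre*|rc*) echo unknown ;; *) echo fixed ;; esac
        elif [ -n "$suffix" ]; then
            # Base version is affected; a vendor build may carry a backport.
            echo check-vendor
        else echo affected
        fi
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 6 ]; then
        case $suffix in
            test[0-9]*)
                n=${suffix#test}; n=${n%%[!0-9]*}
                if [ "$patch" -eq 0 ] && [ "$n" -lt 6 ]; then echo affected
                else echo fixed; fi ;;
            *) echo fixed ;;
        esac
    else
        # Other series: the note gives no fixed version to compare against.
        echo unknown
    fi
}
```

Run it as `brk_status "$(uname -r)"`; a `check-vendor` result means the vendor's own advisory decides whether the fix is present.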
Thanks to Wichert Akkerman for reporting this vulnerability.
This document was written by Jason A Rafail.
Date First Published: 2003-12-02
Date Last Updated: 2003-12-02 20:03 UTC