On Wed, 11 May 2005 19:40:15 +0300, Samuli Suominen wrote: > Package: kernel-source-2.6.8 > Severity: grave > Justification: user security hole > > > A locally exploitable flaw has been found in the Linux ELF binary format > loader's core dump function that allows local users to gain root > privileges and also execute arbitrary code at kernel privilege level. > > Version: 2.2 up to and including 2.2.27-rc2, 2.4 up to and including > 2.4.31-pre1, 2.6 up to and including 2.6.12-rc4 > > Exploit, and futher information: > http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt >
Rumor has it, this is CAN-2005-1263. I'll commit the patch (http://mouth.voxel.net/~dilinger/core_dump_vul.patch) to svn once I'm someplace that I can actually log in..
