GLSA Bodhisattva
Joined: 17 Apr 2002 Posts: 2602 Location: Baltimore, MD
Posted: Tue Feb 17, 2004 6:20 pm Post subject: [ GLSA 200402-06 ] Updated kernel packages fix the AMD64 ptr
Gentoo Linux Security Advisory
Title: Updated kernel packages fix the AMD64 ptrace vulnerability (GLSA 200402-06)
Severity: normal
Exploitable: local
Date: February 17, 2004
ID: 200402-06
Synopsis
A vulnerability has been discovered in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated privileges.
Affected Packages
Package: sys-kernel/ck-sources
Vulnerable: < 2.6.2
Unaffected: >= 2.6.2
Architectures: amd64
Package: sys-kernel/development-sources
Vulnerable: < 2.6.2
Unaffected: >= 2.6.2
Architectures: amd64
Package: sys-kernel/gentoo-dev-sources
Vulnerable: < 2.6.2
Unaffected: >= 2.6.2
Architectures: amd64
Package: sys-kernel/gentoo-sources
Vulnerable: < 2.4.22-r6
Unaffected: >= 2.4.22-r6
Architectures: amd64
Package: sys-kernel/gentoo-test-sources
Vulnerable: < 2.6.2
Unaffected: >= 2.6.2-r1
Architectures: amd64
Package: sys-kernel/gs-sources
Vulnerable: < 2.4.25_pre7-r1
Unaffected: >= 2.4.25_pre7-r1
Architectures: amd64
Package: sys-kernel/vanilla-prepatch-sources
Vulnerable: < 2.4.25_rc3
Unaffected: >= 2.4.25_rc3
Architectures: amd64
Package: sys-kernel/vanilla-sources
Vulnerable: < 2.4.24-r1
Unaffected: >= 2.4.24-r1
Architectures: amd64
Description
A vulnerability has been discovered by Andi Kleen in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated privileges. The Common Vulnerabilities and Exposures project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
Impact
Only users of the AMD64 platform are affected: in this scenario, a user may be able to obtain elevated privileges, including root access. However, no public exploit is known for the vulnerability at this time.
Workaround
There is no temporary workaround - a kernel upgrade is required. A list of unaffected kernels is provided along with this announcement.
Resolution
Users are encouraged to upgrade to the latest available sources for their system:
Code:
# emerge sync
# emerge -pv your-favourite-sources
# emerge your-favourite-sources
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
Code:
# # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
# # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
# # REPORTS THAT THE SAME VERSION IS INSTALLED.
Last edited by GLSA on Sun May 07, 2006 4:50 pm; edited 1 time in total
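The affected-package ranges listed in the advisory can be checked mechanically against an installed kernel source version. The following Python is an added example, not part of the advisory or of Portage: the `ADVISORY` table is copied from the ranges above, while `version_key` and `status` are hypothetical helpers that implement a simplified form of Gentoo version ordering (numeric components, one `_alpha`/`_beta`/`_pre`/`_rc`/`_p` suffix, `-rN` revision).

```python
import re

# Advisory table (GLSA 200402-06): package -> (vulnerable below, unaffected from)
ADVISORY = {
    "sys-kernel/ck-sources": ("2.6.2", "2.6.2"),
    "sys-kernel/development-sources": ("2.6.2", "2.6.2"),
    "sys-kernel/gentoo-dev-sources": ("2.6.2", "2.6.2"),
    "sys-kernel/gentoo-sources": ("2.4.22-r6", "2.4.22-r6"),
    "sys-kernel/gentoo-test-sources": ("2.6.2", "2.6.2-r1"),
    "sys-kernel/gs-sources": ("2.4.25_pre7-r1", "2.4.25_pre7-r1"),
    "sys-kernel/vanilla-prepatch-sources": ("2.4.25_rc3", "2.4.25_rc3"),
    "sys-kernel/vanilla-sources": ("2.4.24-r1", "2.4.24-r1"),
}

# Suffix ranks in Gentoo version ordering: _alpha < _beta < _pre < _rc < none < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")


def version_key(version):
    """Sortable key for a Gentoo version (simplified: one suffix, no letter)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers, suffix, suffix_no, revision = m.groups()
    # The appended -1 makes a shorter release ("2.6") sort before "2.6.0"
    release = tuple(int(n) for n in numbers.split(".")) + (-1,)
    return (release, SUFFIX_RANK[suffix], int(suffix_no or 0), int(revision or 0))


def status(package, version, arch="amd64"):
    """Return 'vulnerable', 'unaffected', 'not-listed' or 'unspecified'."""
    if arch != "amd64" or package not in ADVISORY:
        return "not-listed"
    vulnerable_below, unaffected_from = ADVISORY[package]
    key = version_key(version)
    if key < version_key(vulnerable_below):
        return "vulnerable"
    if key >= version_key(unaffected_from):
        return "unaffected"
    # Neither listed range covers this version (e.g. gentoo-test-sources 2.6.2)
    return "unspecified"
```

A version comparison cannot detect the "remerge required!" case from the Resolution section, where the same version has to be rebuilt; treat an `unaffected` result for such a kernel as inconclusive.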