English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200402-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~                                            http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

~  Severity: Normal
~     Title: Linux kernel AMD64 ptrace vulnerability
~      Date: February 17, 2004
~        ID: 200402-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered by in the ptrace emulation code for
AMD64 platforms when eflags are processed, allowing a local user to
obtain elevated priveleges.

Affected packages
=================

~    -------------------------------------------------------
~               Kernel            /    Unaffected Version
~    -------------------------------------------------------

~    ck-sources..........................2.6.2-r1...........
~    development-sources.................2.6.2..............
~    gentoo-dev-sources..................2.6.2..............
~    gentoo-sources......................2.4.20-r12.........
~    gs-sources..........................2.4.25_pre7-r1.....
~    vanilla-prepatch-sources............2.4.25_rc3.........
~    vanilla-sources.....................2.4.24-r1..........

Description
===========

A vulnerability has been discovered by Andi Kleen in the ptrace
emulation code for AMD64 platforms when eflags are processed, allowing a
local user to obtain elevated priveleges. The Common Vulnerabilities and
Exposures project has assigned CAN-2004-0001 to this issue.

Impact
======

( Only users of the AMD64 platform are affected )

In this scenario, a user may be able to obtain elevated priveleges,
including root access. However, no public exploit is known for the
vulnerability at this time.

Workaround
==========

There is no temporary workaround - a kernel upgrade is required. A list
of unaffected kernels is provided along with this announcement.

Resolution
==========

Users are encouraged to upgrade to the latest available sources for
their system:

~  # emerge sync
~  # emerge -pv your-favorite-sources

~  # emerge your-favorite-sources

~  # # Follow usual procedures for compiling and installing a kernel.
~  # # If you use genkernel, run genkernel as you would do normally.

~  # # See http://www.gentoo.org/doc/en/handbook/handbook.xml for help.

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAMXwiMMXbAy2b2EIRAqDmAKDhG09r3rq6xFlOIB6i6auX1Fcc/ACeO0wE
/deJ+dBC2NsZ+bVLmCrHYZQ=
=IQWM
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.