[grsec] [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability
Les
les at jaguarpc.com
Fri Jul 7 21:07:07 EDT 2006
Arg, and of course when I resend it in plain text I fail to include the
notice itself. Here it is.
-----Original Message-----
From: Secunia Security Advisories [mailto:sec-adv at secunia.com]
TITLE:
Linux Kernel "prctl" Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA20953
VERIFY ADVISORY:
http://secunia.com/advisories/20953/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/
DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to bypass certain security restrictions
or potentially gain escalated privileges.
The vulnerability is caused due to improper handling of core dumps.
This can be exploited to dump core files into usually restricted directories
or potentially gain root privileges.
SOLUTION:
Update to version 2.6.17.4.
http://www.kernel.org/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Red Hat.
ORIGINAL ADVISORY:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4
Regards,
Les F.
Les wrote:
> Resent via plain text. Sorry for the trouble.
>
> Greetings all,
>
> This advisory just made its way to me. I have yet to locate a proof
> of concept test to verify this vulnerability. I felt the best course
> of action is to ask the experts here if the current stable 2.6 release
> (grsecurity-2.1.8-2.6.14.6-200601211647) is sufficient to protect
> against this.
> Regards,
> Les
>
>
>
> fire-eyes wrote:
>> On Friday 07 July 2006 20:25, Les wrote:
>>
>>> <!DOCTYPE html PUB [snip]
>>>
>>
>> Thank you, however, can we please get that in plain text? No, I don't
>> want to start a txt vs html mail war... Please don't reply that way.
>>
>>