Kernel: 2.6.17.4-linode23 (CVE-2006-2451 fix)

caker
Posted: Thu Jul 13, 2006 10:44 pm

This kernel contains the fix for CVE-2006-2451. No other config changes from the linode21 kernel.

Quote: CVE-2006-2451:

The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

Code:

commit 4f9619cdd90ac846fa0ca6e9e8a9d87a0d6b4f57
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Thu Jul 6 13:02:28 2006 -0700

    Linux 2.6.17.4

commit 0af184bb9f80edfbb94de46cb52e9592e5a547b0
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Thu Jul 6 13:02:05 2006 -0700

    fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
   
    Based on a patch from Ernie Petrides
   
    During security research, Red Hat discovered a behavioral flaw in core
    dump handling. A local user could create a program that would cause a
    core file to be dumped into a directory they would not normally have
    permissions to write to. This could lead to a denial of service (disk
    consumption), or allow the local user to gain root privileges.
   
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

-Chris
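
As an added example (not part of the original post and not the kernel project's code), this POSIX shell check classifies a kernel release string against the affected range given in the CVE text quoted above. The function name and its output strings are assumptions made for this illustration, and the sample versions are constructed.

```shell
# Added example: classify a kernel release against the range in the quoted
# CVE-2006-2451 text (2.6.13 up to before 2.6.17.4; 2.6.16.y before 2.6.16.24).
# Function name and output strings are hypothetical.
cve_2006_2451_status() {
    rel=${1%%-*}                      # drop a local suffix such as "-linode23"
    case $rel in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;   # not a plain dotted version
    esac
    old_ifs=$IFS; IFS=.
    set -- $rel                       # split into numeric components
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; stable=${4:-0}

    # Only the 2.6 series is in the quoted range.
    if [ "$major" -ne 2 ] || [ "$minor" -ne 6 ]; then
        echo not-affected; return 0
    fi
    if [ "$patch" -lt 13 ] || [ "$patch" -gt 17 ]; then
        echo not-affected             # outside the quoted range
    elif [ "$patch" -eq 16 ] && [ "$stable" -ge 24 ]; then
        echo not-affected             # fixed in the 2.6.16.y stable series
    elif [ "$patch" -eq 17 ] && [ "$stable" -ge 4 ]; then
        echo not-affected             # fixed in 2.6.17.4
    else
        echo affected
    fi
}

# Constructed sample inputs, then the running kernel.
for r in 2.6.12.6 2.6.13 2.6.16.23 2.6.16.24 2.6.17.3 2.6.17.4-linode23; do
    printf '%-20s %s\n' "$r" "$(cve_2006_2451_status "$r")"
done
printf '%-20s %s\n' "$(uname -r)" "$(cve_2006_2451_status "$(uname -r)")"
```

The check only compares version numbers; a distribution kernel that backports the fix under an older version string would still be reported as affected.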