Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
BID:12079
Info
Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
| Bugtraq ID: | 12079 |
| Class: | Unknown |
| CVE: |
CVE-2004-1144 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 22 2004 12:00AM |
| Updated: | Jul 12 2009 09:26AM |
| Credit: | Discovery is credited to Petr Vandrovec. |
| Vulnerable: |
Linux kernel 2.4.28 Linux kernel 2.4.27 -pre5 Linux kernel 2.4.27 -pre4 Linux kernel 2.4.27 -pre3 Linux kernel 2.4.27 -pre2 Linux kernel 2.4.27 -pre1 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 Linux kernel 2.4.20 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.19 -pre4 Linux kernel 2.4.19 -pre3 Linux kernel 2.4.19 -pre2 Linux kernel 2.4.19 -pre1 Linux kernel 2.4.19 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.18 pre-7 Linux kernel 2.4.18 pre-6 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.18 pre-2 Linux kernel 2.4.18 pre-1 Linux kernel 2.4.18 x86 Linux kernel 2.4.18 Linux kernel 2.4.17 Linux kernel 2.4.16 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 Linux kernel 2.4.9 Linux kernel 2.4.8 Linux kernel 2.4.7 Linux kernel 2.4.6 Linux kernel 2.4.5 Linux kernel 2.4.4 Linux kernel 2.4.3 Linux kernel 2.4.2 Linux kernel 2.4.1 Linux kernel 2.4 .0-test9 Linux kernel 2.4 .0-test8 Linux kernel 2.4 .0-test7 Linux kernel 2.4 .0-test6 Linux kernel 2.4 .0-test5 Linux kernel 2.4 .0-test4 Linux kernel 2.4 .0-test3 Linux kernel 2.4 .0-test2 Linux kernel 2.4 .0-test12 Linux kernel 2.4 .0-test11 Linux kernel 2.4 .0-test10 Linux kernel 2.4 .0-test1 Linux kernel 2.4 |
| Not Vulnerable: | |
Discussion
Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
Linux Kernel is reported prone to a local privilege escalation vulnerability. This issue may allow an attacker to gain elevated privileges leading to a complete compromise of a vulnerable computer.
It is reported that this issue arises as the 32 bit compatibility system call handler fails to verify an unspecified argument properly. This vulnerability only presents itself on the AMD64 platform.
This issue reportedly affects 2.4.x versions of the kernel.
Further details about this issue are currently unavailable. This BID will be updated if more information is released.
Linux Kernel is reported prone to a local privilege escalation vulnerability. This issue may allow an attacker to gain elevated privileges leading to a complete compromise of a vulnerable computer.
It is reported that this issue arises as the 32 bit compatibility system call handler fails to verify an unspecified argument properly. This vulnerability only presents itself on the AMD64 platform.
This issue reportedly affects 2.4.x versions of the kernel.
Further details about this issue are currently unavailable. This BID will be updated if more information is released.
Exploit / POC
Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
Solution:
SUSE has released advisory SUSE-SA:2004:046 to address this issue. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:689-06 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Solution:
SUSE has released advisory SUSE-SA:2004:046 to address this issue. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:689-06 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
References
Linux Kernel 32 Bit Compatibility System Call Handler AMD64 Local Privilege Escalation Vulnerability
References:
References: