BID:18176

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

Info

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

Bugtraq ID:	18176
Class:	Unknown
CVE:	CVE-2004-0997
Remote:	No
Local:	Yes
Published:	May 30 2006 12:00AM
Updated:	Jan 10 2007 08:51PM
Credit:	Discovery is credited to Thiemo Seufer.
Vulnerable:	Linux kernel 2.4.33 -pre1 Linux kernel 2.4.32 -pre2 Linux kernel 2.4.32 -pre1 Linux kernel 2.4.32 Linux kernel 2.4.31 -pre1 Linux kernel 2.4.31 Linux kernel 2.4.30 rc3 Linux kernel 2.4.30 rc2 Linux kernel 2.4.30 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 Linux kernel 2.4.29 -rc2 Linux kernel 2.4.29 -rc1 Linux kernel 2.4.29 Linux kernel 2.4.28 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.4.27 -pre5 Linux kernel 2.4.27 -pre4 Linux kernel 2.4.27 -pre3 Linux kernel 2.4.27 -pre2 Linux kernel 2.4.27 -pre1 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 + Trustix Secure Linux 2.0 Linux kernel 2.4.22 + Devil-Linux Devil-Linux 1.0.5 + Devil-Linux Devil-Linux 1.0.4 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Redhat Fedora Core1 + Slackware Linux 9.1 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + SuSE SUSE Linux Enterprise Server 8 Linux kernel 2.4.20 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.19 -pre4 Linux kernel 2.4.19 -pre3 Linux kernel 2.4.19 -pre2 Linux kernel 2.4.19 -pre1 Linux kernel 2.4.19 + Conectiva Linux Enterprise Edition 1.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.0 + Slackware Linux -current + SuSE Linux 8.1 + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.18 pre-7 Linux kernel 2.4.18 pre-6 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.18 pre-2 Linux kernel 2.4.18 pre-1 Linux kernel 2.4.18 x86 + Debian Linux 3.0 ia-32 Linux kernel 2.4.18 + Astaro Security Linux 2.0 23 + Astaro Security Linux 2.0 16 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 + Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 + Redhat Advanced Workstation for the Itanium Processor 2.1 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Linux 8.0 + Redhat Linux 7.3 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Firewall on CD + S.u.S.E. Linux Office Server + S.u.S.E. Linux Personal 8.2 + S.u.S.E. SuSE eMail Server 3.1 + S.u.S.E. SuSE eMail Server III + SuSE Linux 8.1 + SuSE Linux 8.0 + SuSE Linux 7.3 + SuSE Linux 7.2 + SuSE Linux 7.1 + SuSE Linux Openexchange Server + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Linux kernel 2.4.17 Linux kernel 2.4.16 + Sun Cobalt RaQ 550 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 Linux kernel 2.4.9 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 alpha + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 Linux kernel 2.4.8 + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.7 + Redhat Linux 7.2 + SuSE Linux 7.2 + SuSE Linux 7.1 Linux kernel 2.4.6 Linux kernel 2.4.5 + Slackware Linux 8.0 Linux kernel 2.4.4 + SuSE Linux 7.2 Linux kernel 2.4.3 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.2 Linux kernel 2.4.1 Linux kernel 2.4 .0-test9 Linux kernel 2.4 .0-test8 Linux kernel 2.4 .0-test7 Linux kernel 2.4 .0-test6 Linux kernel 2.4 .0-test5 Linux kernel 2.4 .0-test4 Linux kernel 2.4 .0-test3 Linux kernel 2.4 .0-test2 Linux kernel 2.4 .0-test12 Linux kernel 2.4 .0-test11 Linux kernel 2.4 .0-test10 Linux kernel 2.4 .0-test1 Linux kernel 2.4 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0

Not Vulnerable:

Discussion

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

The Linux kernel is susceptible to a local privilege-escalation vulnerability. This issue occurs only on MIPS architectures.

This issue allows local attackers to gain superuser privileges, facilitating the complete compromise of affected computers.

Specific information regarding affected versions is not currently available; this BID will be updated as further information is disclosed.

Exploit / POC

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

Solution:
Please see the referenced advisories for information on obtaining and applying the appropriate updates.

Linux kernel 2.4.16

Debian kernel-doc-2.4.16_2.4.16-1woody2_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/ke rnel-doc-2.4.16_2.4.16-1woody2_all.deb

Debian kernel-doc-2.4.16_2.4.16-1woody3_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/ke rnel-doc-2.4.16_2.4.16-1woody3_all.deb

Debian kernel-headers-2.4.16_20040419_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-headers-2.4.16_20040419_arm.deb

Debian kernel-headers-2.4.16_20040419woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-headers-2.4.16_20040419woody1_arm.deb

Debian kernel-image-2.4.16-lart_20040419_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lar t/kernel-image-2.4.16-lart_20040419_arm.deb

Debian kernel-image-2.4.16-lart_20040419woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lar t/kernel-image-2.4.16-lart_20040419woody1_arm.deb

Debian kernel-image-2.4.16-netwinder_20040419_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-image-2.4.16-netwinder_20040419_arm.deb

Debian kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb

Debian kernel-image-2.4.16-riscpc_20040419_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-ris cpc/kernel-image-2.4.16-riscpc_20040419_arm.deb

Debian kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-ris cpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb

Debian kernel-patch-2.4.16-arm_20040419_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm /kernel-patch-2.4.16-arm_20040419_all.deb

Debian kernel-source-2.4.16_2.4.16-1woody2_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/ke rnel-source-2.4.16_2.4.16-1woody2_all.deb

Debian kernel-source-2.4.16_2.4.16-1woody3_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/ke rnel-source-2.4.16_2.4.16-1woody3_all.deb

Linux kernel 2.4.18

Debian kernel-headers-2.4.16_20040204_arm.deb
ARM architecture.
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-headers-2.4.16_20040204_arm.deb

Debian kernel-headers-2.4.18-sparc_22woody1_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-headers-2.4.18-sparc_22woody1_all.deb

Debian kernel-image-2.4.16-lart_20040204_arm.deb
ARM architecture.
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lar t/kernel-image-2.4.16-lart_20040204_arm.deb

Debian kernel-image-2.4.16-netwinder_20040204_arm.deb
ARM architecture.
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-net winder/kernel-image-2.4.16-netwinder_20040204_arm.deb

Debian kernel-image-2.4.16-riscpc_20040204_arm.deb
ARM architecture.
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-ris cpc/kernel-image-2.4.16-riscpc_20040204_arm.deb

Debian kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb

Debian kernel-image-2.4.18-sun4u_22woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-image-2.4.18-sun4u_22woody1_sparc.deb

Linux kernel 2.4.19

Debian kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/ke rnel-doc-2.4.19_2.4.19-4.woody3_all.deb

Debian kernel-headers-2.4.19-sparc_26woody1_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-headers-2.4.19-sparc_26woody1_all.deb

Debian kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mip s/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb

Debian kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mip s/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb

Debian kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mip s/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb

Debian kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb

Debian kernel-image-2.4.19-sun4u_26woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/ kernel-image-2.4.19-sun4u_26woody1_sparc.deb

Debian kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mip s/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb

Debian kernel-source-2.4.19_2.4.19-4.woody3_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/ke rnel-source-2.4.19_2.4.19-4.woody3_all.deb

Debian mips-tools_2.4.19-0.020911.1.woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mip s/mips-tools_2.4.19-0.020911.1.woody5_mips.deb

References

Linux Kernel MIPS Ptrace Local Privilege Escalation Vulnerability

References:

CVE-2004-0997 Patch Tracking Entry (Debian)