Message-Id: <200607171439.k6HEdxAC030616@lambchop.rdu.rpath.com>
Date: Mon, 17 Jul 2006 10:39:59 -0400
From: "Justin M. Forbes" <jmforbes@...th.com>
To: security-announce@...ts.rpath.com,
	update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	lwn@....net
Subject: rPSA-2006-0130-1 kernel

rPath Security Advisory: 2006-0130-1
Published: 2006-07-17
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    kernel=/conary.rpath.com@rpl:devel//1/2.6.16.26-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2936
    https://issues.rpath.com/browse/RPL-510
    https://issues.rpath.com/browse/RPL-507

Description:
    In previous versions of the kernel package, a local root privilege
    escalation and a separate denial of service vulnerability are known
    to exist.
    
    The local root privilege escalation allows any local user to use
    the /proc/self/environ file to reliably subvert the root user.
    The local root privilege escalation has a known and publicly
    available exploit in current active use.
    
    The denial of service applies if the ftdi_sio module that drives
    a usb-serial hardware device is loaded, in which case any user
    allowed to access the device can consume all the memory on the
    system by producing data faster than the device can consume it,
    either as an intentional attack or unintentionally, leading to a
    denial of service.
    
    A system reboot is required to resolve these vulnerabilities.
    rPath recommends that you update your systems immediately.
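
Because the fix only takes effect after a reboot, a post-update check should look at the running kernel rather than the installed package. The script below is an added example, not part of the rPath advisory; it assumes that `uname -r` on rPath Linux 1 begins with the upstream kernel version, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-update check for rPSA-2006-0130-1 on rPath Linux 1.
# Assumption: `uname -r` begins with the upstream version (e.g. 2.6.16.26-...).
FIXED_UPSTREAM=2.6.16.26   # upstream part of the fixed version in the advisory

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# kernel_status RELEASE: print vulnerable, fixed or unknown for a running kernel.
kernel_status() {
    up=${1%%-*}                       # drop the package revision suffix
    case $up in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$up" "$FIXED_UPSTREAM"; then echo vulnerable; return 0; fi
    # Newer kernel lines are outside this advisory, so do not call them fixed.
    case $up in 2.6.16.*) echo fixed ;; *) echo unknown ;; esac
}

# ftdi_loaded FILE: succeed when ftdi_sio is listed in a /proc/modules-format file.
ftdi_loaded() {
    grep -q '^ftdi_sio ' "$1" 2>/dev/null
}

# audit RELEASE MODULES_FILE: report on both issues described in the advisory.
audit() {
    st=$(kernel_status "$1")
    echo "running kernel $1: $st"
    if [ "$st" = vulnerable ]; then
        echo "  update the kernel package and reboot (local root escalation)"
        if ftdi_loaded "$2"; then
            echo "  ftdi_sio is loaded: usb-serial memory exhaustion applies"
        fi
    elif [ "$st" = unknown ]; then
        echo "  kernel line not covered by this advisory; check its own fixes"
    fi
    return 0
}

audit "$(uname -r)" /proc/modules
```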
