exploits , vulnerabilities , articles , Linux kernel Uselib() Local Privilege Escalation Vulnerability

Title	Linux kernel Uselib() Local Privilege Escalation Vulnerability
Published	2005-01-07-12:00AM
Updated	2005-03-22-04:34PM
Class	Race Condition Error
CVE	CAN-2004-1235
Remote	No
Local	Yes
Credit	Discovery is credited to Paul Starzetz <ihaquer@isec.pl>.
Vulnerable	Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux 8.1 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Desktop 4.0 RedHat Desktop 3.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 Linux kernel 2.6.10 rc2 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ppc Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 rc2 Linux kernel 2.6.1 rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 test9CVS Linux kernel 2.6 test9 Linux kernel 2.6 test8 Linux kernel 2.6 test7 Linux kernel 2.6 test6 Linux kernel 2.6 test5 Linux kernel 2.6 test4 Linux kernel 2.6 test3 Linux kernel 2.6 test2 Linux kernel 2.6 test11 Linux kernel 2.6 test10 Linux kernel 2.6 test1 Linux kernel 2.6 Linux kernel 2.4.29 rc2 Linux kernel 2.4.28 Linux kernel 2.4.27 pre5 Linux kernel 2.4.27 pre4 Linux kernel 2.4.27 pre3 Linux kernel 2.4.27 pre2 Linux kernel 2.4.27 pre1 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 pre9 Linux kernel 2.4.23 ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 DevilLinux DevilLinux 1.0.4 DevilLinux DevilLinux 1.0.5 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 RedHat Fedora Core1 Slackware Linux 9.1 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 Conectiva Linux 9.0 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc RedHat Desktop 3.0 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux WS 3 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 x86_64 Linux kernel 2.4.20 CRUX CRUX Linux 1.0 Gentoo Linux 1.2 Gentoo Linux 1.4 RedHat Linux 9.0 i386 Slackware Linux 9.0 WOLK WOLK 4.4 s Linux kernel 2.4.19 pre6 Linux kernel 2.4.19 pre5 Linux kernel 2.4.19 pre4 Linux kernel 2.4.19 pre3 Linux kernel 2.4.19 pre2 Linux kernel 2.4.19 pre1 Linux kernel 2.4.19 Linux kernel 2.4.18 pre8 Linux kernel 2.4.18 pre7 Linux kernel 2.4.18 pre6 Linux kernel 2.4.18 pre5 Linux kernel 2.4.18 pre4 Linux kernel 2.4.18 pre3 Linux kernel 2.4.18 pre2 Linux kernel 2.4.18 pre1 Linux kernel 2.4.18 x86 Linux kernel 2.4.18 Linux kernel 2.4.17 Linux kernel 2.4.16 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Conectiva Linux 7.0 Linux kernel 2.4.11 Linux kernel 2.4.10 S.u.S.E. Linux 7.3 Linux kernel 2.4.9 Linux kernel 2.4.8 Linux kernel 2.4.7 RedHat Linux 7.2 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.2 Linux kernel 2.4.6 Linux kernel 2.4.5 Slackware Linux 8.0 Linux kernel 2.4.4 Linux kernel 2.4.3 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc Linux kernel 2.4.2 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1 RedHat Linux 7.1 alpha RedHat Linux 7.1 i386 Linux kernel 2.4.1 Linux kernel 2.4 .0test9 Linux kernel 2.4 .0test8 Linux kernel 2.4 .0test7 Linux kernel 2.4 .0test6 Linux kernel 2.4 .0test5 Linux kernel 2.4 .0test4 Linux kernel 2.4 .0test3 Linux kernel 2.4 .0test2 Linux kernel 2.4 .0test12 Linux kernel 2.4 .0test11 Linux kernel 2.4 .0test10 Linux kernel 2.4 .0test1 Linux kernel 2.4 Conectiva Linux 10.0 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Network Routing Avaya Modular Messaging (MSS) 2.0 Avaya Modular Messaging (MSS) 1.1 Avaya MN100 Avaya Intuity LX Avaya Converged Communications Server 2.0
Not Vulnerable
Code	The following proof of concept and exploit are available: /data/vulnerabilities/exploits/binfmt_elf.c /data/vulnerabilities/exploits/pwnedUselibKernelExploit.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-08-28 Avaya SES Authentication Bypass Vulnerability and Information Disclosure Weakness
• 2008-08-28 Opera Web Browser 9.51 Multiple Security Vulnerabilities
• 2008-08-28 Aurora Password Manager System Tray Icon Information Disclosure Vulnerability
• 2008-08-28 GE Fanuc Proficy Information Portal HTTP Basic Authentication Information Disclosure Vulnerability
• 2008-08-28 Interleave Information Disclosure Vulnerabilities
• 2008-08-28 NOAH Unspecified Cross-Site Scripting Vulnerability
• 2008-08-27 itMedia Multiple SQL Injection Vulnerabilities
• 2008-08-27 Sun Java System Portal Server Portlets Cross-Site Scripting Vulnerability
• 2008-08-27 SWIMAGE Encore Master Password Information Disclosure Vulnerability
• 2008-08-27 Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 28 Aug 2008 04:48:15 +0000