WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

[Xen-bugs] [Bug 738] New: Critical Kernel vulnerability (bug allows a lo

To: xen-bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-bugs] [Bug 738] New: Critical Kernel vulnerability (bug allows a local user to gain root privileges)
From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
Date: Sat, 12 Aug 2006 10:32:50 -0700
Delivery-date: Sat, 12 Aug 2006 10:33:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-bugs-request@lists.xensource.com?subject=help>
List-id: Xen Bugzilla <xen-bugs.lists.xensource.com>
List-post: <mailto:xen-bugs@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bugs@xxxxxxxxxxxxxxxxxx
Sender: xen-bugs-bounces@xxxxxxxxxxxxxxxxxxx
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=738

           Summary: Critical Kernel vulnerability (bug allows a local user
                    to gain root privileges)
           Product: Xen
           Version: 3.0 (general)
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Unspecified
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: rogermm@xxxxxxxxx


The bug allows a local user to gain root privileges via the PR_SET_DUMPABLE
argument of the prctl function and a program that causes a core dump file to be
created in a directory for which the user does not have permissions.

It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4, and
2.6.16 before 2.6.16.24 (XEN 3.0-testing uses 2.6.16.13).

References:

http://www.debian.org/News/2006/20060713
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451


-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
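
An added example, not part of the original report or of Xen's code: a Python check that tests `uname -r` style release strings against the affected range stated in the report (2.6.13 up to before 2.6.17.4, with 2.6.16 fixed from 2.6.16.24). The host names and inventory are constructed, and the check matches on version number only, so a distribution kernel carrying a backported fix is still flagged and needs the vendor advisory to clear it.

```python
import re

FIRST_AFFECTED = (2, 6, 13)        # range start, as stated in the report
FIXED_MAINLINE = (2, 6, 17, 4)     # "versions before 2.6.17.4"
FIXED_2_6_16_STABLE = 24           # "2.6.16 before 2.6.16.24"


def parse_release(release):
    """Parse the leading a.b.c[.d] of a `uname -r` string; suffixes such as -xen are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(release):
    """True if the version number falls inside the range the report gives."""
    version = parse_release(release)
    base, stable = version[:3], version[3]
    if base < FIRST_AFFECTED or version >= FIXED_MAINLINE:
        return False
    if base == (2, 6, 16) and stable >= FIXED_2_6_16_STABLE:
        return False
    return True


def triage(inventory):
    """Return the sorted host names whose kernel release needs follow-up."""
    return sorted(host for host, release in inventory.items() if is_affected(release))


# Constructed inventory (hypothetical host names); 2.6.16.13 is the kernel
# the report says Xen 3.0-testing uses.
SAMPLE_INVENTORY = {
    "dom0-a": "2.6.16.13-xen",
    "dom0-b": "2.6.16.24-xen",
    "guest-1": "2.6.17.3",
    "guest-2": "2.6.17.4",
    "guest-3": "2.6.12.6",
    "guest-4": "2.6.18-xen",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("%s: %s is in the affected range" % (host, SAMPLE_INVENTORY[host]))
```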
