Advisories:rPSA-2006-0130
rPath Security Advisory 2006-0130-1
Published: 2006-07-17
Products
- rPath Linux 1
Rating
- Critical
Exposure Level Classification
- Local Root Deterministic Privilege Escalation
Updated Versions
- kernel=conary.rpath.com@rpl:1/2.6.16.26-0.1-1
rPath Issue Tracking System
References
Description
- In previous versions of the kernel package, a local root privilege escalation and a separate denial of service vulnerability are known to exist.
- The local root privilege escalation allows any local user to use the /proc/self/environ file to reliably subvert the root user. The local root privilege escalation has a known and publicly available exploit in current active use.
- The denial of service applies if the ftdi_sio module that drives a usb-serial hardware device is loaded, in which case any user allowed to access the device can consume all the memory on the system by producing data faster than the device can consume it, either as an intentional attack or unintentionally, leading to a denial of service.
- A system reboot is required to resolve these vulnerabilities. rPath recommends that you update your systems immediately.
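Because the fix only takes effect after a reboot, the running kernel matters more than the installed package. The script below is an added example, not part of the rPath advisory: it compares a running kernel release with the version listed under Updated Versions and reports whether ftdi_sio is loaded. It assumes that `uname -r` begins with the upstream version number; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not rPath code. Assumption: the release string from
# `uname -r` starts with the upstream kernel version.

# Upstream part of kernel=conary.rpath.com@rpl:1/2.6.16.26-0.1-1
FIXED_KERNEL="2.6.16.26"

# Print the leading dotted-numeric part of a release string,
# e.g. "2.6.16.26-0.1-1" -> "2.6.16.26".
kernel_base() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# Return 0 when dotted version $1 is older than $2 (missing fields count as 0).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Return 0 when the module list in file $1 (default /proc/modules) has ftdi_sio.
ftdi_sio_loaded() {
    grep -q '^ftdi_sio ' "${1:-/proc/modules}" 2>/dev/null
}

# Print one finding per line for kernel release $1 and module list file $2.
assess() {
    if version_lt "$(kernel_base "$1")" "$FIXED_KERNEL"; then
        echo "kernel: running $1 predates $FIXED_KERNEL; update and reboot"
        if ftdi_sio_loaded "$2"; then
            echo "ftdi_sio: loaded; the usb-serial denial of service applies"
        fi
    else
        echo "kernel: running $1 is at or past $FIXED_KERNEL"
    fi
}

# Report on the system this script runs on.
assess "$(uname -r)" /proc/modules
```

The version comparison is only meaningful for rPath Linux 1 kernel packages, which is the product this advisory covers.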
Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html
