Linux kernel ptrace eflags privilege escalation

linux-ptrace-gain-privilege (14888) The risk level is classified as High Risk.

Description:

The Linux kernel could allow a local attacker to gain elevated privileges, caused by improper checking of eflags when in 32-bit ptrace emulation mode. This issue is reported to affect only kernels built for the AMD64 architecture. A local attacker could use this vulnerability to gain elevated or root privileges on the system.


Consequences:

Gain Privileges

Remedy:

For Red Hat Linux:
Upgrade to the latest kernel package, as listed below. Refer to RHSA-2004:017-06 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 2.4.21-9.EL or later

References:

  • BID-9429: Linux Kernel 32 Bit Ptrace Emulation Full Kernel Rights Vulnerability
  • CVE-2004-0001: Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
  • GLSA-200402-06: Updated kernel packages fix the AMD64 ptrace vulnerability
  • RHSA-2004-017: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 1
  • US-CERT VU#337238: Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode

Platforms Affected:

  • Linux Linux Kernel 2.6.20.1
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 WS

Reported:

Jan 20, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
