Overview
A vulnerability in the Linux kernel may permit a local user to gain elevated privileges.
Description
Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call (the do_brk() function). This vulnerability may be exploited by a local user to gain elevated or root privileges. An exploit for this vulnerability exists and has been used to compromise systems.
Impact
A local user on the system can exploit this vulnerability to gain access to the kernel address space and gain elevated privileges.
Solution
This vulnerability has been resolved in version 2.4.23 for the 2.4 kernel tree, and in the 2.6.0-test6 kernel tree. Please check the "Systems Affected" section for vendor-specific releases.
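A quick triage check against the fix versions named above, as an added example that is not part of the original note. The function name `classify_kernel` and its result labels are assumptions of this example, and a version match is only a hint because vendor kernels can carry the fix under an older version number.

```shell
#!/bin/sh
# Added example, not part of the original note. Compares a kernel release
# string with the upstream fix versions this note names: 2.4.23 (2.4 tree)
# and 2.6.0-test6. classify_kernel and its result labels are assumptions.
# A version match is a triage hint only; vendor kernels can carry the fix
# under an older version number, so confirm against the vendor's advisory.

classify_kernel() {
    # Split "MAJOR.MINOR.PATCH[suffix]"; anything else is unparseable.
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(.*\)$/\1 \2 \3 \4/p')
    [ -n "$parsed" ] || { echo unknown; return 0; }
    IFS=' ' read -r major minor patch suffix <<EOF
$parsed
EOF
    case "$major.$minor" in
    2.4)
        if [ "$patch" -lt 23 ]; then
            echo pre-fix
        else
            case "$patch$suffix" in
            # Pre-releases of 2.4.23 are not covered by the note.
            23-pre*|23-rc*) echo unknown ;;
            *) echo fixed ;;
            esac
        fi ;;
    2.6)
        case "$patch$suffix" in
        0-test[0-9]*)
            n=$(printf '%s' "$suffix" | sed 's/^-test\([0-9][0-9]*\).*/\1/')
            if [ "$n" -lt 6 ]; then echo pre-fix; else echo fixed; fi ;;
        # Assumption: 2.6 releases after the -test series include the fix.
        *) echo fixed ;;
        esac ;;
    *)
        # Other trees are not described by the note.
        echo unknown ;;
    esac
}

# Classify the running kernel.
classify_kernel "$(uname -r)"
```

A `pre-fix` result on a distribution kernel (for example a release string with a vendor suffix) still needs to be checked against that vendor's advisory before the host is treated as vulnerable.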
Vendor Information
References
Acknowledgements
Thanks to Wichert Akkerman for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
CVE IDs: CVE-2003-0961
Severity Metric: 23.63
Date Public: 2003-12-01
Date First Published: 2003-12-02
Date Last Updated: 2003-12-02 20:03 UTC
Document Revision: 9