exploits , vulnerabilities , articles , Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities

Title	Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vulnerabilities
Published	2004-11-10-12:00AM
Updated	2005-05-18-01:35PM
Class	Design Error
CVE	CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
Remote	No
Local	Yes
Credit	Discovery is credited to Paul Starzetz <ihaquer@isec.pl>.
Vulnerable	Turbolinux Turbolinux Server 10.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 2.0 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux 8.1 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 Ubuntu Ubuntu Linux 4.1 ia32 Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ppc Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 rc2 Linux kernel 2.6.1 rc1 Linux kernel 2.6.1 Linux kernel 2.6 test9CVS Linux kernel 2.6 test9 Linux kernel 2.6 test8 Linux kernel 2.6 test7 Linux kernel 2.6 test6 Linux kernel 2.6 test5 Linux kernel 2.6 test4 Linux kernel 2.6 test3 Linux kernel 2.6 test2 Linux kernel 2.6 test11 Linux kernel 2.6 test10 Linux kernel 2.6 test1 Linux kernel 2.6 Linux kernel 2.4.27 pre5 Linux kernel 2.4.27 pre4 Linux kernel 2.4.27 pre3 Linux kernel 2.4.27 pre2 Linux kernel 2.4.27 pre1 Linux kernel 2.4.27 Linux kernel 2.4.26 Linux kernel 2.4.25 Linux kernel 2.4.24 ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 pre9 Linux kernel 2.4.23 ow2 Linux kernel 2.4.23 Linux kernel 2.4.22 DevilLinux DevilLinux 1.0.4 DevilLinux DevilLinux 1.0.5 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 RedHat Fedora Core1 Slackware Linux 9.1 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 Conectiva Linux 9.0 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc RedHat Desktop 3.0 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux WS 3 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 x86_64 Linux kernel 2.4.20 CRUX CRUX Linux 1.0 Gentoo Linux 1.2 Gentoo Linux 1.4 RedHat Linux 9.0 i386 Slackware Linux 9.0 WOLK WOLK 4.4 s Linux kernel 2.4.19 pre6 Linux kernel 2.4.19 pre5 Linux kernel 2.4.19 pre4 Linux kernel 2.4.19 pre3 Linux kernel 2.4.19 pre2 Linux kernel 2.4.19 pre1 Linux kernel 2.4.19 Linux kernel 2.4.18 pre8 Linux kernel 2.4.18 pre7 Linux kernel 2.4.18 pre6 Linux kernel 2.4.18 pre5 Linux kernel 2.4.18 pre4 Linux kernel 2.4.18 pre3 Linux kernel 2.4.18 pre2 Linux kernel 2.4.18 pre1 Linux kernel 2.4.18 x86 Linux kernel 2.4.18 Linux kernel 2.4.17 Linux kernel 2.4.16 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Conectiva Linux 7.0 Linux kernel 2.4.11 Linux kernel 2.4.10 S.u.S.E. Linux 7.3 Linux kernel 2.4.9 Linux kernel 2.4.8 Linux kernel 2.4.7 RedHat Linux 7.2 S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.2 Linux kernel 2.4.6 Linux kernel 2.4.5 Slackware Linux 8.0 Linux kernel 2.4.4 Linux kernel 2.4.3 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc Linux kernel 2.4.2 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1 RedHat Linux 7.1 alpha RedHat Linux 7.1 i386 Linux kernel 2.4.1 Linux kernel 2.4 .0test9 Linux kernel 2.4 .0test8 Linux kernel 2.4 .0test7 Linux kernel 2.4 .0test6 Linux kernel 2.4 .0test5 Linux kernel 2.4 .0test4 Linux kernel 2.4 .0test3 Linux kernel 2.4 .0test2 Linux kernel 2.4 .0test12 Linux kernel 2.4 .0test11 Linux kernel 2.4 .0test10 Linux kernel 2.4 .0test1 Linux kernel 2.4 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Network Routing Avaya Modular Messaging (MSS) 2.0 Avaya Modular Messaging (MSS) 1.1 Avaya MN100 Avaya Intuity LX Avaya Converged Communications Server 2.0
Not Vulnerable
Code	A proof of concept is available for the execve() issue that allows reading of non-readable ELF binaries. /data/vulnerabilities/exploits/binfmt_elf_dump.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
• 2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability
• 2009-12-17 IntelliCom NetBiter webSCADA Multiple Default Password Security Bypass Vulnerabilities
• 2009-12-17 Webmatic Multiple Unspecified SQL Injection and Cross-Site Scripting Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 08:52:40 +0000