CERTA-2007-AVI-416
Vulnerability from certfr_avis
A vulnerability in the Linux kernel allows a local user to escalate privileges.
Description
A vulnerability in the Linux kernel's implementation of the ptrace system call allows a local user to escalate privileges. The flaw stems from improper register initialization on the x86_64 architecture when returning from a ptrace system call in 32-bit mode.
Solution
Linux kernel versions 2.4.35.3 and 2.6.22.7 fix the problem:
http://www.kernel.org/pub/linux/kernel/v2.4/
http://www.kernel.org/pub/linux/kernel/v2.6/
Impacted products
- Linux kernel versions 2.6.22.6 and earlier.
- Linux kernel versions 2.4.35.2 and earlier.
Risk
- Privilege escalation
References
- CVE-2007-4573: https://www.cve.org/CVERecord?id=CVE-2007-4573
- Linux kernel site: http://www.kernel.org
- Changelog for Linux kernel version 2.4.35.3: http://www.kernel.org/pub/linux/kernel/v2.4/Changelog-2.4.35.3
- Changelog for Linux kernel version 2.6.22.7: http://www.kernel.org/pub/linux/kernel/v2.4/Changelog-2.6.22.7
Revisions
- 2007-09-24: initial version.