Info

Disclosure

Jan 11, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in the Linux kernel. The poolsize_strategy() function fails to validate integers to be used in a userland to kernel space memory copy operation resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Linus Torvalds	Linux	2.4
		2.4.1
		2.4.2
		2.4.3
		2.4.4
		2.4.5
		2.4.6
		2.4.7
		2.4.8
		2.4.9
		2.4.10
		2.4.11
		2.4.12
		2.4.13
		2.4.14
		2.4.15
		2.4.16
		2.4.17
		2.4.18
		2.4.19
		2.4.20
		2.4.21
		2.4.22
		2.4.23
		2.4.24
		2.4.25
		2.4.26
		2.4.27
		2.4.28
		2.6
		2.6.1
		2.6.2
		2.6.3
		2.6.4
		2.6.5
		2.6.6
		2.6.7
		2.6.8
		2.6.9
		2.6.10

References

Bugtraq ID: 12196
Related OSVDB ID: 12836 12837 12838
Secunia Advisory ID: 13784
ISS X-Force ID: 18819
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0225.html
Vendor URL: http://www.kernel.org/
Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/gr_poolsize.c

Credit

Brad Spengler - spendergrsecurity.net - grsecurity

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Linus Torvalds

Linux

References

Credit