Vulnerability in Linux kernel allows for privilege escalation
An exploit has been released that allows attackers to escalate their privileges via a vulnerability that was fixed in versions 2.4.35.3 and 2.6.22.7 of the Linux kernel. The attacker does, however, need access with restricted rights to a system running a 64-bit version of the Linux kernel.
The problem results from a failure to adequately check a number of processor registers in the code for IA32 system call emulation. According to the security advisory, this makes it possible to manipulate the content of the %RAX register to access areas outside the system call table and execute arbitrary code in the context of the kernel. Some Linux distributors are already supplying kernel packages in which this flaw has been remedied.
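The kind of register check described above, as an added example that is not taken from the advisory or the kernel source: a user-space C model of a call dispatcher in which the bounds check looks at only the low 32 bits of the register while the table index uses all 64, next to a version that checks and indexes with the same value. The table, the handler names, the WOULD_ESCAPE marker and the assumption that the inadequate check takes this form are all illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CALLS     4        /* constructed table size */
#define RC_ENOSYS    (-38L)   /* "no such call" result */
#define WOULD_ESCAPE (-1000L) /* model marker: index would leave the table */

typedef long (*handler_t)(void);
static long call0(void) { return 10; }
static long call1(void) { return 11; }
static long call2(void) { return 12; }
static long call3(void) { return 13; }
static const handler_t call_table[NR_CALLS] = { call0, call1, call2, call3 };

/* Flawed: the check sees only the low 32 bits, the index uses all 64. */
long dispatch_flawed(uint64_t rax)
{
    uint32_t eax = (uint32_t)rax;
    if (eax >= NR_CALLS)
        return RC_ENOSYS;
    if (rax >= NR_CALLS)       /* real code would fetch call_table[rax] here */
        return WOULD_ESCAPE;   /* the model reports it instead of doing it */
    return call_table[rax]();
}

/* Hardened: truncate once, then check and index with the same value. */
long dispatch_hardened(uint64_t rax)
{
    uint64_t nr = (uint32_t)rax;   /* upper 32 bits discarded */
    if (nr >= NR_CALLS)
        return RC_ENOSYS;
    return call_table[nr]();
}

int main(void)
{
    /* Constructed register values: valid, too large, upper bits set. */
    const uint64_t samples[] = { 2, 9, 0x100000002ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rax=%#llx flawed=%ld hardened=%ld\n",
               (unsigned long long)samples[i],
               dispatch_flawed(samples[i]), dispatch_hardened(samples[i]));
    return 0;
}
```

The third sample passes the flawed check because its low half is a valid number, yet the full value points far beyond the table; the hardened version never lets the checked value and the index differ.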
Such local-root holes must be taken seriously, as repeated break-ins to multi-user systems demonstrate. For instance, last summer a Debian developer server was manipulated when a restricted user exploited a vulnerability to get root rights via core dumps.
- IA32 System Call Emulation Vulnerability, security advisory from COSEINC
(mba)