SB2002081207 - Improper privilege management in Linux kernel
Published: August 12, 2002
Security Bulletin ID
SB2002081207
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper privilege management (CVE-ID: CVE-2002-0429)
The vulnerability allows a local user to manipulate or delete data.
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
Remediation
Install update from vendor's website.
References
- http://marc.info/?l=bugtraq&m=101561298818888&w=2
- http://www.debian.org/security/2003/dsa-311
- http://www.debian.org/security/2003/dsa-312
- http://www.debian.org/security/2003/dsa-332
- http://www.debian.org/security/2003/dsa-336
- http://www.debian.org/security/2004/dsa-442
- http://www.iss.net/security_center/static/8420.php
- http://www.openwall.com/linux/
- http://www.redhat.com/support/errata/RHSA-2002-158.html
- http://www.securityfocus.com/bid/4259