Vigil@nce: Linux kernel, privilege elevation via ptrace
July 2008 by Vigil@nce
SYNTHESIS
A local attacker can create a program using ptrace() in order to
corrupt the memory to elevate his privileges.
Gravity: 2/4
Consequences: administrator access/rights, denial of service of
computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/07/2008
Identifier: VIGILANCE-VUL-7930
IMPACTED PRODUCTS
– Linux kernel [confidential versions]
DESCRIPTION
The systrace() system call tracks and controls the execution of a
process.
Options in the PTRACE_GETREGS and PTRACE_SETREGS family obtain and change values in registers. However, due to an overflow, an
incorrect memory free can be done, which corrupts the memory.
A local attacker can therefore stop the system or execute code in
the kernel.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-7930