Vigil@nce - Linux kernel: code execution via stack overflow
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can grow a process's stack into an adjacent shared memory
segment (a stack overflow in the sense of stack exhaustion, not a
buffer overflow) in order to execute code or elevate privileges.
Severity: 2/4
Creation date: 18/08/2010
DESCRIPTION OF THE VULNERABILITY
The do_anonymous_page() function in mm/memory.c allocates anonymous
memory pages for user processes on demand.
When a process's stack grows, the kernel extends the stack mapping
downward and maps new contiguous pages below it.
If the address just below the stack already belongs to another
mapping, the stack cannot grow there and the access normally faults.
However, if that adjacent mapping is a shared memory segment,
do_anonymous_page() serves the access from the segment's pages instead
of faulting, so the stack grows into the shared segment.
Part of the stack (return addresses, saved registers, local
variables) therefore lives in pages that every process mapping the
segment can read and, if the segment is writable, modify.
An attacker who can write to such a segment and make a more
privileged process grow its stack into it can therefore execute code
or elevate privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-code-execution-via-stack-overflow-9853