Bug 140444 - Kernel: Local privilege escalation (CVE-2006-3626)
Summary: Kernel: Local privilege escalation (CVE-2006-3626)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.16.25] [linux >=2.6.17 <2...
Keywords:
Duplicates: 140581 140797
Depends on:
Blocks:
 
Reported: 2006-07-14 23:40 UTC by Daniel Black (RETIRED)
Modified: 2009-07-11 12:22 UTC



Attachments
Patch (1505_procfs-dumpable-race.patch,634 bytes, patch)
2006-07-15 05:45 UTC, Tim Yamin (RETIRED)

Description Daniel Black (RETIRED) gentoo-dev 2006-07-14 23:40:42 UTC
A Linux Kernel Exploit was posted to Full-Disclosure affecting the 2.6.x kernels.
The attached code exploits a root race in /proc. The exploit has been acknowledged and a patch is now available.

The exploit can be found: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047913.html

A patch for this exploit can be found here: http://lkml.org/lkml/diff/2006/7/14/306/1

(written by _array on #gentoo-hardened)

Note: http://lkml.org/lkml/2006/7/15/5 says that <HAL-0.5.7 may have troubles
latest gentoo stable is hal-0.5.5.1-r3 (all arches)
Comment 1 Daniel Black (RETIRED) gentoo-dev 2006-07-15 00:17:24 UTC
CVE from http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-07-15 05:44:44 UTC
Please do *not* use the 2.6.16.25 or 2.6.17.5 fix; I'm attaching a better one which shouldn't break HAL & etc...
Comment 3 Tim Yamin (RETIRED) gentoo-dev 2006-07-15 05:45:24 UTC
Created attachment 91781
Patch
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2006-07-15 07:08:26 UTC
Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the attached patch (don't use 2.6.17.5):

ck-sources: marineam
hardened-sources-2.6: johnm, hardened
hppa-sources: GMSoft
mips-sources: `Kumba
rsbac-sources: kang
sh-sources: sh
suspend2-sources: brix
usermode-sources: dang
xbox-sources: chrb
xen-sources: chrb, agriffis
Comment 5 Daniel Black (RETIRED) gentoo-dev 2006-07-15 07:10:33 UTC
workaround for those waiting for a release is to mount proc with options nosuid as suggested by padde in #gentoo-bugs
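
The nosuid workaround from comment 5, as an added check that is not part of the original bug thread: it lists every procfs mount in a mounts table that lacks `nosuid` and prints the matching remount command. The function names and the sample table are constructed for illustration; the field layout assumed is that of `/proc/mounts`.

```shell
#!/bin/sh
# Added example: audit a mounts table for procfs instances mounted without nosuid.
# Assumed field layout (as in /proc/mounts): device mountpoint fstype options dump pass

# Print the mount point of every procfs mount whose option list lacks "nosuid".
# $1 = path to a mounts table (defaults to the live /proc/mounts).
proc_missing_nosuid() {
    awk '$3 == "proc" {
        n = split($4, opt, ",")
        found = 0
        # Compare whole options so that only an exact "nosuid" counts.
        for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
        if (!found) print $2
    }' "${1:-/proc/mounts}"
}

# Dry run: print (do not execute) the remount command for each offending mount.
suggest_remount() {
    proc_missing_nosuid "$1" | while IFS= read -r mp; do
        printf 'mount -o remount,nosuid %s\n' "$mp"
    done
}

# Constructed sample table: host /proc without nosuid, a chroot /proc with it,
# a non-proc filesystem whose path contains "proc", and a jail /proc with
# nodev only.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
proc /proc proc rw 0 0
proc /var/chroot/build/proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda3 /srv/procdata ext3 rw,noatime 0 0
none /home/jail/proc proc rw,nodev 0 0
EOF

suggest_remount "$SAMPLE"
```

Called with no argument, `proc_missing_nosuid` reads the live `/proc/mounts`, which also covers procfs instances mounted inside chroots.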
Comment 6 Christian Heim (RETIRED) gentoo-dev 2006-07-15 07:24:28 UTC
gentoo-sources-2.6.16/2.6.17 -> done
suspend2-sources-2.6.16/2.6.17 -> done
Comment 7 Christian Heim (RETIRED) gentoo-dev 2006-07-15 08:06:15 UTC
openvz-sources-026.015 (2.6.16) -> done
Comment 8 Christian Heim (RETIRED) gentoo-dev 2006-07-15 08:34:28 UTC
ck-sources-2.6.16/2.6.17 -> done
Comment 9 solar (RETIRED) gentoo-dev 2006-07-15 09:04:19 UTC
hardened-sources-2.6.16-r11 bumped with genpatches 14
Comment 10 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-07-15 09:53:38 UTC
usermode-sources bumped.
Comment 11 solar (RETIRED) gentoo-dev 2006-07-15 10:53:14 UTC
(In reply to comment #9)
I meant 15

Comment 12 Daniel Drake (RETIRED) gentoo-dev 2006-07-15 17:35:07 UTC
*** Bug 140581 has been marked as a duplicate of this bug. ***
Comment 13 Tim Yamin (RETIRED) gentoo-dev 2006-07-17 09:11:50 UTC
*** Bug 140797 has been marked as a duplicate of this bug. ***
Comment 14 Tuan Van (RETIRED) gentoo-dev 2006-07-17 10:05:01 UTC
(In reply to comment #4)
> Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the
> attached patch (don't use 2.6.17.5):
> 
> ck-sources: marineam
> hardened-sources-2.6: johnm, hardened
> hppa-sources: GMSoft
> mips-sources: `Kumba
> rsbac-sources: kang
> sh-sources: sh
> suspend2-sources: brix
> usermode-sources: dang
> xbox-sources: chrb
> xen-sources: chrb, agriffis
> 

2.6.16.26 fixes these issues, right? If so, I have copied xen-sources-2.6.16.18 to xen-sources-2.6.16.26 and it WFM on my xen test box.

HTH.
Comment 15 Tim Yamin (RETIRED) gentoo-dev 2006-07-17 13:24:11 UTC
(In reply to comment #14)
> 2.6.16.26 fixes these issues, right? If so, I have copied xen-sources-2.6.16.18 to
> xen-sources-2.6.16.26 and it WFM on my xen test box.

Yes, .26 fixes these issues correctly.
Comment 16 Guy Martin (RETIRED) gentoo-dev 2006-07-18 13:04:20 UTC
Fixed on hppa. First commit from my new place \o/
Comment 17 Chris Bainbridge (RETIRED) gentoo-dev 2006-07-19 13:47:44 UTC
I've updated xen and xbox -sources to 2.6.16.26.
Comment 18 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-01 19:06:22 UTC
SH, RSBAC, this one too. Bump or patch.
Comment 19 Guillaume Destuynder (RETIRED) gentoo-dev 2006-11-09 06:40:26 UTC
rsbac-sources bumped to 2.6.18 in ~
Comment 20 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-09 18:26:55 UTC
As discussed in the past, SH no longer is kept track of by Gentoo Kernel Security. Closing bug.