Bug 140444 - Kernel: Local privilege escalation (CVE-2006-3626)
Bug#: 140444 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: dragonheart@gentoo.org
Component: Kernel
URL:  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=4a7ac3ab06932949d3069c1811f6f2a310f656c4
Summary: Kernel: Local privilege escalation (CVE-2006-3626)
Keywords:  
Status Whiteboard: [linux <2.6.16.25] [linux >=2.6.17 <2.6.17.5]
Opened: 2006-07-14 23:40 0000
Description:
A Linux kernel exploit was posted to Full-Disclosure affecting the 2.6.x
kernels.
The attached code exploits a root race in /proc. The exploit has been
acknowledged and a patch is now available.

The exploit can be found at:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047913.html

A patch for this exploit can be found here:
http://lkml.org/lkml/diff/2006/7/14/306/1

(written by _array on #gentoo-hardened)

Note: http://lkml.org/lkml/2006/7/15/5 says that <HAL-0.5.7 may have trouble.
The latest Gentoo stable is hal-0.5.5.1-r3 (all arches).

------- Comment #1 From Daniel Black 2006-07-15 00:17:24 0000 -------
CVE from http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5

------- Comment #2 From Tim Yamin (RETIRED) 2006-07-15 05:44:44 0000 -------
Please do *not* use the 2.6.16.25 or 2.6.17.5 fix; I'm attaching a better one
which shouldn't break HAL & etc...

------- Comment #3 From Tim Yamin (RETIRED) 2006-07-15 05:45:24 0000 -------
Created an attachment (id=91781)
Patch

------- Comment #4 From Tim Yamin (RETIRED) 2006-07-15 07:08:26 0000 -------
Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the
attached patch (don't use 2.6.17.5):

ck-sources: marineam
hardened-sources-2.6: johnm, hardened
hppa-sources: GMSoft
mips-sources: `Kumba
rsbac-sources: kang
sh-sources: sh
suspend2-sources: brix
usermode-sources: dang
xbox-sources: chrb
xen-sources: chrb, agriffis

------- Comment #5 From Daniel Black 2006-07-15 07:10:33 0000 -------
A workaround for those waiting for a release is to mount proc with the option
nosuid, as suggested by padde in #gentoo-bugs.
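
Added example, not part of the original comment or of any Gentoo or kernel code: a shell check that compares a kernel version against the ranges in this bug's Status Whiteboard and tests whether the nosuid workaround from comment #5 is in place on /proc. The function names and the sample mounts text are constructed for illustration; GNU `sort -V` and awk are assumed.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes GNU sort (-V) and awk.

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_whiteboard_range VERSION: succeeds for the Status Whiteboard ranges
# [linux <2.6.16.25] and [linux >=2.6.17 <2.6.17.5], 2.6.x only.
# A version number alone cannot see a distro backport (e.g. a genpatches bump).
in_whiteboard_range() {
    _v=${1%%-*}                      # drop suffixes such as -gentoo-r3
    case "$_v" in 2.6.*) ;; *) return 1 ;; esac
    ver_lt "$_v" 2.6.16.25 && return 0
    ver_lt "$_v" 2.6.17 && return 1   # 2.6.16.25 and later 2.6.16.y
    ver_lt "$_v" 2.6.17.5
}

# proc_has_nosuid: reads /proc/mounts-format text on stdin; succeeds only if
# at least one procfs mount exists and every one of them lists nosuid.
proc_has_nosuid() {
    awk '$3 == "proc" {
             seen = 1; ok = 0
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "nosuid") ok = 1
             if (!ok) bad = 1
         }
         END { exit !(seen && !bad) }'
}

# assess VERSION: mounts text on stdin; prints one verdict word.
assess() {
    if ! in_whiteboard_range "$1"; then echo outside-range
    elif proc_has_nosuid; then echo in-range-workaround-applied
    else echo in-range-no-workaround
    fi
}

# Constructed sample: a 2.6.17.4 host whose /proc mount lacks nosuid.
assess 2.6.17.4 <<'EOF'
proc /proc proc rw 0 0
/dev/hda3 / ext3 rw,noatime 0 0
EOF

# Live host, where /proc/mounts is readable.
if [ -r /proc/mounts ]; then assess "$(uname -r)" < /proc/mounts; fi
```

A verdict of `in-range-no-workaround` marks a host that still needs either a kernel bump or the nosuid mount option on /proc.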

------- Comment #6 From Christian Heim (RETIRED) 2006-07-15 07:24:28 0000 -------
gentoo-sources-2.6.16/2.6.17 -> done
suspend2-sources-2.6.16/2.6.17 -> done

------- Comment #7 From Christian Heim (RETIRED) 2006-07-15 08:06:15 0000 -------
openvz-sources-026.015 (2.6.16) -> done

------- Comment #8 From Christian Heim (RETIRED) 2006-07-15 08:34:28 0000 -------
ck-sources-2.6.16/2.6.17 -> done

------- Comment #9 From solar 2006-07-15 09:04:19 0000 -------
hardened-sources-2.6.16-r11 bumped with genpatches 14

------- Comment #10 From Daniel Gryniewicz 2006-07-15 09:53:38 0000 -------
usermode-sources bumped.

------- Comment #11 From solar 2006-07-15 10:53:14 0000 -------
(In reply to comment #9)
I meant 15

------- Comment #12 From Daniel Drake 2006-07-15 17:35:07 0000 -------
*** Bug 140581 has been marked as a duplicate of this bug. ***

------- Comment #13 From Tim Yamin (RETIRED) 2006-07-17 09:11:50 0000 -------
*** Bug 140797 has been marked as a duplicate of this bug. ***

------- Comment #14 From Tuan Van (RETIRED) 2006-07-17 10:05:01 0000 -------
(In reply to comment #4)
> Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the
> attached patch (don't use 2.6.17.5):
> 
> ck-sources: marineam
> hardened-sources-2.6: johnm, hardened
> hppa-sources: GMSoft
> mips-sources: `Kumba
> rsbac-sources: kang
> sh-sources: sh
> suspend2-sources: brix
> usermode-sources: dang
> xbox-sources: chrb
> xen-sources: chrb, agriffis
> 

2.6.16.26 fixes these issues, right? If so, I have copied xen-sources-2.6.16.18 to
xen-sources-2.6.16.26 and it WFM on my xen test box.

HTH.

------- Comment #15 From Tim Yamin (RETIRED) 2006-07-17 13:24:11 0000 -------
(In reply to comment #14)
> 2.6.16.26 fixes these issues, right? If so, I have copied xen-sources-2.6.16.18 to
> xen-sources-2.6.16.26 and it WFM on my xen test box.

Yes, .26 fixes these issues correctly.

------- Comment #16 From Guy Martin 2006-07-18 13:04:20 0000 -------
Fixed on hppa. First commit from my new place \o/

------- Comment #17 From Chris Bainbridge (RETIRED) 2006-07-19 13:47:44 0000 -------
I've updated xen and xbox -sources to 2.6.16.26.

------- Comment #18 From Harlan Lieberman-Berg (RETIRED) 2006-11-01 19:06:22 0000 -------
SH, RSBAC, this one too. Bump or patch.

------- Comment #19 From Guillaume Destuynder (RETIRED) 2006-11-09 06:40:26 0000 -------
rsbac-sources bumped to 2.6.18 in ~

------- Comment #20 From Harlan Lieberman-Berg (RETIRED) 2006-11-09 18:26:55 0000 -------
As discussed in the past, SH no longer is kept track of by Gentoo Kernel
Security. Closing bug.