Bug 294238

Summary:	Kernel: uvesafb, phomelfs, dst, dm CAP_SYS_ADMIN privilege escalation (CVE-2009-3725)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=127f1bdba584bc2aa2f910273b6b5701d5bad3ed
Whiteboard:	[linux <2.6.31.5] [gp <2.6.31-5]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2009-11-23 17:34:41 UTC

CVE-2009-3725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3725):
  The connector layer in the Linux kernel before 2.6.31.5 does not
  require the CAP_SYS_ADMIN capability for certain interaction with the
  (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows
  local users to bypass intended access restrictions and gain
  privileges via calls to functions in these subsystems.

Comment 1 Bjoern Tropf (RETIRED) gentoo-dev

2009-11-23 18:06:38 UTC

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=127f1bdba584bc2aa2f910273b6b5701d5bad3ed
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=85a79fc56eaee6587d19971b5348261773c1c507
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=060425ef1d42f59b9b3faed31406e9e59c7464a0
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=e1a7338bc0da30633357c84be4df222a1bdbfd99