294238 – Kernel: uvesafb, phomelfs, dst, dm CAP_SYS_ADMIN privilege escalation (CVE-2009-3725)

Bug 294238 - Kernel: uvesafb, phomelfs, dst, dm CAP_SYS_ADMIN privilege escalation (CVE-2009-3725)

Summary: Kernel: uvesafb, phomelfs, dst, dm CAP_SYS_ADMIN privilege escalation (CVE-20...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.31.5] [gp <2.6.31-5]
Keywords:

Depends on:
Blocks:

Reported:	2009-11-23 17:34 UTC by Alex Legler (RETIRED)
Modified:	2013-09-15 18:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2009-11-23 17:34:41 UTC

CVE-2009-3725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3725):
  The connector layer in the Linux kernel before 2.6.31.5 does not
  require the CAP_SYS_ADMIN capability for certain interaction with the
  (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows
  local users to bypass intended access restrictions and gain
  privileges via calls to functions in these subsystems.

Comment 1 Bjoern Tropf (RETIRED) gentoo-dev

2009-11-23 18:06:38 UTC

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=127f1bdba584bc2aa2f910273b6b5701d5bad3ed
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=85a79fc56eaee6587d19971b5348261773c1c507
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=060425ef1d42f59b9b3faed31406e9e59c7464a0
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.31.y.git;a=commit;h=e1a7338bc0da30633357c84be4df222a1bdbfd99