Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 134875 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel (Show other bugs)
2.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jim Paradis
Brian Brock
impact=moderate,embargo=20041110:12
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-06 17:22 EDT by Josh Bressers
Modified: 2013-08-05 21:08 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-13 15:06:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:505 normal SHIPPED_LIVE Important: Updated kernel packages fix security vulnerability 2004-12-13 00:00:00 EST

  None (edit)
Description Josh Bressers 2004-10-06 17:22:15 EDT 
Paul Starzetz has repoted to vendor-sec an issue in the Linux ELF
binary loader while handling setuid binaries.  This could lead to
local privilege escalation.

This issue is fairly complicated, the advisory is attachment 104867 [details]
with the current patch being investigated as attachment 104868 [details]

This issue is currently embargoed with no date set.
Comment 1 Jason Baron 2004-10-11 15:22:22 EDT 
moving to needinfo, as per Dave Anderson's comments in the
corresponding rhel3 bug, 134874.
Comment 2 Josh Bressers 2004-11-10 09:25:22 EST 
Removing embargo.
Comment 3 Jim Paradis 2004-11-16 22:43:09 EST 
A patch to fix this issue has been committed to the RHEL2.1 U6 (pensacola) tree
for release 2.4.9-e.56
Comment 4 Josh Bressers 2004-11-29 14:15:20 EST 
Here is the CVE information for this issue.

>>20040920 binfmt_elf loader vulnerabilities
>>
>>      2.4.27 and earlier, 2.6.9 and earlier are vulnerable
>>
>>      http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
>>
>>      1&3 Missing return value check may allow memory layout
>>      modification of setuid binaries
  CAN-2004-1070 - missing return value check

>>      2. Incorrect error handling can lead to incorrect mapped image
>>      in memory
  CAN-2004-1071 - incorrect error handling

>>      4. Possible to exceed to the maximum path size of an
>>      interpreter name string which may lead to a denial of service
  CAN-2004-1072 - exceed maximum path size for interpreter name string

>>      5. open_exec() allows reading of non-readable ELF binaries
  CAN-2004-1073 - open_exec reading non-readable ELF binaries
Comment 5 John Flanagan 2004-12-13 15:06:37 EST 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-505.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.