Red Hat Bugzilla – Bug 142964
CAN-2004-1144 x86-64 privilege escalation
Last modified: 2007-11-30 17:07:05 EST
Petr Vandrovec found a exploitable root hole in all 2.4 x86-64 kernels
that have 32bit emulation enabled. The bug does not appear in 2.6
because some rewrites in 2.5 timeframe fixed it as a side effect.
This issue does not affect RHEL2.1
Patch for this issue
--- linux-2.4.28/arch/x86_64/ia32/ia32entry.S.orig 2004-08-08
+++ linux-2.4.28/arch/x86_64/ia32/ia32entry.S 2004-12-06
@@ -52,6 +52,7 @@
+ mov %eax,%eax
Embargo moved by SUSE to Dec22nd 12GMT
A fix for this problem has just been committed to the RHEL3 E5
patch pool this evening (in kernel version 2.4.21-27.0.1.EL).
Embargo date and time reached; removing embargo.
A fix for this problem has also been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.4.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.