Created attachment 114254: Proposed patch from Greg KH (not backported)
"A locally exploitable flaw has been found in the Linux ELF binary format loader's core dump function that allows local users to gain root privileges and also execute arbitrary code at kernel privilege level." For the full description see http://www.securityfocus.com/archive/1/397966/2005-05-08/2005-05-14/0
A new release which fixes this problem upstream has been released as 2.6.11.9 http://lwn.net/Articles/135583/
Note that a successful mitigation to this issue is to limit the production of core files: "ulimit -c 0" placed early during system startup (say from rc.sysinit) will remove the risk of this issue.
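One way to check that the "ulimit -c 0" mitigation described above actually reached every running process, as an added example that is not part of the original bug report. It assumes a kernel that exposes /proc/<pid>/limits (the 2.6.9-era kernels in this report predate that file); the function names and the --audit flag are this example's own.

```shell
#!/bin/sh
# Added example: audit whether "ulimit -c 0" took effect system-wide.
# Classify one /proc/<pid>/limits file by its core-size limits:
#   disabled  - soft and hard limit are both 0; cannot be raised unprivileged
#   soft-only - soft limit is 0 but hard limit is not; the process may raise it
#   enabled   - soft limit is non-zero; core files can be written
#   unknown   - no "Max core file size" row was found
core_limit_status() {
    awk '/^Max core file size/ {
            found = 1
            if ($5 == "0" && $6 == "0") print "disabled"
            else if ($5 == "0")          print "soft-only"
            else                         print "enabled"
         }
         END { if (!found) print "unknown" }' "$1" 2>/dev/null
}

# Walk every process under a proc root (default /proc) and report those
# that can still produce a core file. Returns 0 only if all are "disabled".
audit_core_limits() {
    rc=0
    for f in "${1:-/proc}"/[0-9]*/limits; do
        [ -r "$f" ] || continue
        # A process may exit between the glob and the read; treat as unknown.
        st=$(core_limit_status "$f") || st=unknown
        if [ "$st" != "disabled" ]; then
            pid=${f%/limits}
            pid=${pid##*/}
            echo "pid $pid: core dumps $st"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_core_limits
fi
```

A "soft-only" result means the limit was set with only the soft value at 0, so the process can raise it back up to the hard limit without privileges.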
This went into 2.6.9-9, so it's in U1.
It would seem that this issue does not affect 2.6 kernels. The patch hardens things a bit, but doesn't fix any security issues.
In the U1 kernel errata we will list this bug, since we've fixed this issue, but we won't list the CVE name since CAN-2005-1263 has no security context for EL4.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-420.html