Red Hat Bugzilla – Bug 195902
CVE-2006-2451 Possible privilege escalation through prctl() and suid_dumpable
Last modified: 2009-04-28 00:04:46 EDT
The prctl() function allows unprivileged processes to set the value 2 for
PR_SET_DUMPABLE. In case of a segmentation fault the core dump will then
be owned by the user root.
This could lead to a denial of service (disk consumption) or allow a local user
to gain root privileges.
The suid_dumpable support and prctl(PR_SET_DUMPABLE, 2) have been added with the
2.6.13 kernel and Red Hat Enterprise Linux 4 contains a backport of it.
The patch for the stable kernel series of 2.6.17 can be found here:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
committed in stream U4 build 40.1. A test kernel with this patch is available
Verified fix on 40.1 as well by hand. (for some reason my automated test for
this doesn't want to work inside of RHTS.)
downside to this is upgrade to the latest kernel on es4 = kernel-2.6.9-34.0.2
and you will be faced with this nasty =
It is impossible that the fix included in kernel-2.6.9-34.0.2 can cause any of
the symptoms described in bug #188141. Please don't pollute this bug with
your comment on this page, I disagree that the bug is fixed in
kernel-2.6.9-34.0.2, as on the bugzilla it states that the bug is for
kernel-2.6.9-34, are you stating it is therefore fixed in your 0.2 revision?
If so why does Larry tell me that it's only fixed in kernel-2.6.9-42? and that
the patch will not be implemented until es4 U4.
More importantly I rolled back the kernel on this client to 2.6.9-5 and the swap
and load went right down and resumed to normal operation, beforehand it had
exactly the same symptoms as the bug reported and due to the high memory usage
on this box, it caused it to crash after a few days.
So I do not believe that this has been fixed in kernel-2.6.9-34.0.2.
I would expect a reply to this since we want to roll out a non-vulnerable kernel
upgrade on our clients' Red Hat boxes and so far no one has given us a solution to
The kernel-2.6.9-34.0.x packages are kernels which contain security updates.
They are fixing security issues. In general these cannot introduce the reported
issue nor can they fix it. The kernel-2.6.9-34.0.2 in particular contains a fix
for the privilege escalation described in this Bugzilla report.
I never said that kernel-2.6.9-34.0.2 will fix your problem, but it is also
not the cause of your problem. So using this Bugzilla to report an issue is
wrong. Please open a new Bugzilla report if you have problems with the
kernel-2.6.9-34 series (RHEL4 U3) or wait for kernel-2.6.9-42 (RHEL4 U4) if this
is known to fix it.
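
A regression check for the behaviour in the report at the top of this bug, added here as an example; it is not code from this Bugzilla entry or from the kernel patch. It assumes, per the documented prctl(2) behaviour rather than anything shown on this page, that a fixed kernel rejects the value 2 with EINVAL; the names probe_dumpable_2 and read_suid_dumpable are made up for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

enum probe_result { PROBE_ERROR = -1, PROBE_REJECTED = 0, PROBE_ACCEPTED = 1 };

/* Ask the kernel to set this process's dumpable flag to 2 and report whether
 * it agreed. No crash is triggered and the previous flag value is restored. */
enum probe_result probe_dumpable_2(void)
{
    int before = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (before < 0)
        return PROBE_ERROR;

    /* Assumption: a fixed kernel answers this request with EINVAL. */
    if (prctl(PR_SET_DUMPABLE, 2, 0, 0, 0) == -1)
        return errno == EINVAL ? PROBE_REJECTED : PROBE_ERROR;

    /* The call succeeded: read the flag back, then undo the change. */
    int now = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (now != before)
        prctl(PR_SET_DUMPABLE, before, 0, 0, 0);
    return now == 2 ? PROBE_ACCEPTED : PROBE_ERROR;
}

/* Current fs.suid_dumpable sysctl value, or -1 if it cannot be read. */
int read_suid_dumpable(void)
{
    int value = -1;
    FILE *f = fopen("/proc/sys/fs/suid_dumpable", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

int main(void)
{
    enum probe_result r = probe_dumpable_2();
    printf("fs.suid_dumpable = %d\n", read_suid_dumpable());
    if (r == PROBE_ACCEPTED)
        puts("prctl(PR_SET_DUMPABLE, 2) accepted: kernel is missing the fix");
    else if (r == PROBE_REJECTED)
        puts("prctl(PR_SET_DUMPABLE, 2) rejected with EINVAL");
    else
        puts("probe failed: result inconclusive");
    return r == PROBE_REJECTED ? 0 : 1;
}
```

Run it as an ordinary user on each kernel build being validated; a non-zero exit status means the request was accepted or the probe was inconclusive.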