Bug 198963 - CVE-2006-2451 Possible privilege escalation through prctl() and suid_dumpable
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Kernel Maintainer List
QA Contact: Brian Brock
Whiteboard: impact=important,source=redhat,report...
Keywords: Security
Depends On: CVE-2006-2451
Reported: 2006-07-14 20:37 EDT by Jason Vas Dias
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-07-15 03:44:50 EDT

Comment 1 Jason Vas Dias 2006-07-14 20:42:35 EDT
I've just reproduced this issue under kernel-2.6.17-1.2145 on FC-5 and
kernel-2.6.17-1.2364 on FC-6 - see bug 198893 for a nasty reproducer.

I suggest that we apply the patch to prevent processes with the 
PR_SET_DUMPABLE flag set from being able to dump core in whatever
directory they can cd into, regardless of whether the userid has
write permission, ASAP.
Comment 2 Dave Jones 2006-07-15 03:44:50 EDT
fixed in 2158 for FC5
fixed in rawhide too some time after 2364.
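
Added example, not part of the original bug thread and not the Fedora patch: a small C check for whether the running kernel carries the fix discussed above. It assumes the behaviour of the upstream CVE-2006-2451 fix, where prctl(PR_SET_DUMPABLE) accepts only 0 or 1 and fails with EINVAL for 2; the function and enum names are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Result codes; these names belong to this example only. */
enum { DUMPABLE_REJECTED = 0, DUMPABLE_ACCEPTED = 1, DUMPABLE_ERROR = -1 };

/* Ask the kernel to set dumpable mode 2 from user space. Patched kernels
 * refuse with EINVAL; if the call succeeds, the old mode is restored. */
int check_prctl_dumpable_2(void)
{
    int saved = prctl(PR_GET_DUMPABLE, 0UL, 0UL, 0UL, 0UL);
    if (saved < 0)
        return DUMPABLE_ERROR;

    int rc = prctl(PR_SET_DUMPABLE, 2UL, 0UL, 0UL, 0UL);
    int err = errno;

    /* Only modes 0 and 1 can be set back through prctl(). */
    if (rc == 0 && (saved == 0 || saved == 1))
        prctl(PR_SET_DUMPABLE, (unsigned long)saved, 0UL, 0UL, 0UL);

    if (rc == -1 && err == EINVAL)
        return DUMPABLE_REJECTED;
    return rc == 0 ? DUMPABLE_ACCEPTED : DUMPABLE_ERROR;
}

/* Read the system-wide fs.suid_dumpable sysctl; -1 if it cannot be read. */
int read_suid_dumpable(void)
{
    int value = -1;
    FILE *f = fopen("/proc/sys/fs/suid_dumpable", "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

int main(void)
{
    int r = check_prctl_dumpable_2();
    printf("prctl(PR_SET_DUMPABLE, 2): %s\n",
           r == DUMPABLE_REJECTED ? "rejected (fix present)" :
           r == DUMPABLE_ACCEPTED ? "ACCEPTED (kernel needs the fix)" : "error");
    printf("fs.suid_dumpable = %d\n", read_suid_dumpable());
    return r == DUMPABLE_REJECTED ? 0 : 1;
}
```

The program exits 0 when the request is rejected, so it can be used as a post-update regression check.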
