{"vuid":"VU#176888","idnumber":"176888","name":"Linux kernel contains race condition via ptrace/procfs/execve","keywords":["linux","kernel","ptrace","execve","procfs"],"overview":"Unprivileged local users can use the ptrace function to take advantage of a privileged program, while that program is performing a privileged operation, to gain privileged access.","clean_desc":"Ptrace is a function, which is often used for debugging, that allows one process to attach to another and monitor or modify its execution state and memory. This vulnerability exploits a race condition that allows an attacker to use ptrace, or similar function (procfs), to attach to and, thus, modify a running setuid process. This enables the attacker to execute arbitratry code with elevated (root) privilege. Linux kernel version 2.2.18 or before are vulnerable to this flaw. Any Linux product that is dependent on this kernel is, therefore, vulnerable.","impact":"Unprivileged local users can gain privileged (root) access.","resolution":"Upgrade the Linux kernel to version 2.2.19 or later. The release notes for Linux 2.2.19 at http://www.linux.org.uk/VERSION/relnotes.2219.html describe the security fix. For users of specific Linux vendors, use the vendor-specific upgrades for convenience and consistency.","workarounds":"","sysaffected":"","thanks":"Thanks to Wojciech Purczynski for discovering this vulnerability.","author":"This document was written by Andrew P. Moore.","public":["http://www.linux.org.uk/VERSION/relnotes.2219.html","http://www.securityfocus.com/archive/1/171708","http://www.ciac.org/ciac/bulletins/l-076.shtml"],"cveids":["CVE-2001-0317"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-03-28T18:56:50Z","publicdate":"2001-03-26T00:00:00Z","datefirstpublished":"2001-07-18T18:59:17Z","dateupdated":"2002-05-20T15:54:25Z","revision":29,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"3","cam_population":"14","cam_impact":"20","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"25.9875","cam_scorecurrentwidelyknown":"25.9875","cam_scorecurrentwidelyknownexploited":"33.8625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":25.9875,"vulnote":null}