vendor:
Linux Kernel
by:
Anonymous
7.2
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: Linux Kernel
Affected Version From: 2.2
Affected Version To: 2.4
Patch Exists: YES
Related CWE: N/A
CPE: o:linux:linux_kernel
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002
Linux Kernel ptrace() Privilege Escalation Vulnerability
A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges. The problem occurs due to the kernel failing to restrict trace permissions on specific root spawned processes.
Mitigation:
Restrict trace permissions on specific root spawned processes.