Vendor: Ubuntu Linux
By: Halfdog
CVSS: 7.5 (HIGH)
Subverting Stack Base Address Randomization with Suid-Binaries
CWE: 119
Product Name: Ubuntu Linux
Affected Version From: Ubuntu Lucid stock kernel 2.6.32-27-generic
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Linux
2011
Subvert The Stack Base Address Randomization With Suid-Binaries
The latest Ubuntu Lucid stock kernel (2.6.32-27-generic) contains a bug that allows a lower privileged user to keep /proc file entries open even after the process executes a suid binary. This allows a malicious user to access information from the proc interface or modify process settings of privileged processes. To monitor the syscalls, syscall stack, and limits of running suid binaries, a simple helper program (ProcReadHelper.c) can be used to open a proc entry before executing a suid program and keep it open. The same technique, applied to writeable proc files, can also modify the core dump flags of running suid binaries.
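For defenders, the condition described above is visible from the outside: an unprivileged process holds an open descriptor on a /proc entry of a process that now runs under a different effective UID. The audit below is an added example, not code from the original advisory; the function names, the set of entries checked and the sample data are assumptions made for illustration.

```python
import os
import re

# Entries the description names (syscall, stack, limits) plus
# coredump_filter for the writable case; the exact set is an assumption.
SENSITIVE = {"syscall", "stack", "limits", "coredump_filter"}
PROC_TARGET = re.compile(r"^/proc/(\d+)/([^/]+)$")

def find_cross_uid_proc_handles(fd_links, proc_uids):
    """fd_links: (holder_pid, link_target) pairs; proc_uids: {pid: (ruid, euid)}.
    Returns (holder_pid, target_pid, entry) for each handle an unprivileged
    holder keeps on a sensitive entry of a process running under another UID."""
    findings = []
    for holder, target in fd_links:
        m = PROC_TARGET.match(target)
        if not m or m.group(2) not in SENSITIVE:
            continue
        tpid = int(m.group(1))
        if tpid == holder or holder not in proc_uids or tpid not in proc_uids:
            continue
        holder_ruid, target_euid = proc_uids[holder][0], proc_uids[tpid][1]
        # After a suid exec the target's effective UID differs from the holder's.
        if holder_ruid != 0 and holder_ruid != target_euid:
            findings.append((holder, tpid, m.group(2)))
    return findings

def snapshot(proc="/proc"):
    """Collect fd link targets and UIDs from a live /proc (needs root)."""
    links, uids = [], {}
    for name in filter(str.isdigit, os.listdir(proc)):
        pid = int(name)
        try:
            with open(f"{proc}/{name}/status") as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        fields = line.split()
                        uids[pid] = (int(fields[1]), int(fields[2]))
            for fd in os.listdir(f"{proc}/{name}/fd"):
                links.append((pid, os.readlink(f"{proc}/{name}/fd/{fd}")))
        except OSError:
            continue  # process exited or access denied
    return links, uids

# Constructed sample: PID 4101 runs a suid-root binary started by UID 1000.
SAMPLE_UIDS = {4100: (1000, 1000), 4101: (1000, 0), 4200: (1000, 1000)}
SAMPLE_LINKS = [(4100, "/proc/4101/stack"), (4100, "/proc/4101/coredump_filter"),
                (4100, "/proc/4200/limits"), (4100, "/dev/pts/0"),
                (4200, "/proc/4200/stack")]

if __name__ == "__main__":
    for holder, tpid, entry in find_cross_uid_proc_handles(*snapshot()):
        print(f"pid {holder} holds /proc/{tpid}/{entry} of a different-UID process")
```

Run as root so every process's fd directory is readable; holders with real UID 0 are skipped, so root-owned monitoring tools do not appear in the findings.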
Mitigation:
Upgrade to a fixed version of the kernel or apply patches provided by the vendor.