Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-2536
Last Modified: 05 Sep 2008 04:44:24
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-2536

Summary

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5


References

MLIST - 20040507 Bug in IO bitmap handling? Probably exploitable (2.6.5)

XF - linux-exitthread-gain-privileges(16106)

MLIST - 20040507 Re: Bug in IO bitmap handling? Probably exploitable (2.6.5)

BID - 10302

OSVDB - 5997

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6

SECUNIA - 11577


Last Updated: 27 May 2016 10:39:30