rPath Security Advisory: 2006-0122-2
2006-07-13 Upgraded to Critical status with additional information
Products: rPath Linux 1
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Previous versions of the kernel package have two specific
vulnerablities that are addressed in this version.
The first vulnerability allows any local user to fill up file
systems by causing core dumps to write to directories to which
they do not have write access permissions, and on most systems
(including any system that provides a generally-accessible "cron"
or "at" service) to escalate to run arbitrary code as the root user.
An exploit for this privilege escalation vulnerability is
publically available and in active use.
The second vulnerability applies only to systems using the SCTP
protocol, which is not enabled by default, and the tools required
to configure it (lksctp-tools) are not included in rPath Linux.
This vulnerability, which cannot apply to systems without
lksctp-tools installed, enables a remote denial of service attack
in which specially-crafted packets can crash the system.
A system reboot is required to make the update to resolve these
vulnerabilities effective. rPath strongly recommends that all
users apply this update.