Linux kernel ptrace privilege elevation vulnerability

Added: 06/27/2007
CVE: CVE-2003-0127
BID: 7112
OSVDB: 4565

Background

ptrace is a Linux system call which enables a parent process to observe and control another process.

Problem

Due to a failure by the kernel to restrict trace permissions, a local attacker could gain root privileges by attaching to specific root spawned processes.

Resolution

Upgrade to Linux kernel 2.2.25 or 2.4.21 or higher, or apply a fix from your Linux vendor.

References

http://www.kb.cert.org/vuls/id/628849

Limitations

There may be a delay before the exploit succeeds.

Platforms

Linux

Back to exploit index