Linux kernel ptrace privilege elevation vulnerability
Added: 06/27/2007CVE: CVE-2003-0127
BID: 7112
OSVDB: 4565
Background
ptrace is a Linux system call which enables a parent process to observe and control another process.Problem
Due to a failure by the kernel to restrict trace permissions, a local attacker could gain root privileges by attaching to specific root spawned processes.Resolution
Upgrade to Linux kernel 2.2.25 or 2.4.21 or higher, or apply a fix from your Linux vendor.References
http://www.kb.cert.org/vuls/id/628849Limitations
There may be a delay before the exploit succeeds.Platforms
LinuxBack to exploit index