Re: Linux ELF loader vulnerabilities

[Ted Percival <ted@xxxxxxxxxxxx>]

These vulnerabilities appear to exist in 2.6.9 as well. All five buggy 
lines appear verbatim in the 2.6.9 source.

Ted Percival

Paul Starzetz wrote:
> Synopsis:  Linux kernel binfmt_elf loader vulnerabilities
> Product:   Linux kernel
> Version:   2.4 up to to and including 2.4.27, 2.6 up to to and
>            including 2.6.8
> Vendor:    http://www.kernel.org/
> URL:       http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
> CVE:       not assigned
> Author:    Paul Starzetz <ihaquer@xxxxxxx>
> Date:      Nov 10, 2004
>
> Issue:
> ======
>
> Numerous  bugs  have  been  found  in  the Linux ELF binary loader while
> handling setuid binaries.