local root exploit in Linux Kernel

2003-12-04T15:40:06
ID SUSE-SA:2003:049
Type suse
Reporter Suse
Modified 2003-12-04T15:40:06

Description

This security update fixes a serious vulnerability in the Linux kernel. A missing bounds check in the brk() system call allowed processes to request memory beyond the maximum size allowed for tasks, causing kernel memory to be mapped into the process' address space. This allowed local attackers to obtain super user privileges.