CVSS2: 3.7 Low
Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.0004 Low
Percentile: 0.4%
Unprivileged local users can use the ptrace function to take advantage of a privileged program, while that program is performing a privileged operation, to gain privileged access.
Ptrace is a function, often used for debugging, that allows one process to attach to another and monitor or modify its execution state and memory. This vulnerability exploits a race condition that allows an attacker to use ptrace, or a similar function (procfs), to attach to and thus modify a running setuid process. This enables the attacker to execute arbitrary code with elevated (root) privilege. Linux kernel versions 2.2.18 and earlier are vulnerable to this flaw. Any Linux product that depends on such a kernel is, therefore, vulnerable.
Unprivileged local users can gain privileged (root) access.
Upgrade the Linux kernel to version 2.2.19 or later. The release notes for Linux 2.2.19 at <http://www.linux.org.uk/VERSION/relnotes.2219.html> describe the security fix. Users of a specific vendor's Linux distribution should use that vendor's upgrades for convenience and consistency.
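The following added example is not part of the original note. It classifies kernel release strings against the boundary the note states (2.2.18 and earlier vulnerable, 2.2.19 or later fixed). The function names vu176888_status and vu176888_report are hypothetical, the inventory is constructed sample data, and reporting 2.3.x/2.4.x and 2.2.19 pre-releases as "unknown" is an assumption made because the note does not address them.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel release strings
# against the boundary stated in the note: 2.2.18 and earlier vulnerable,
# 2.2.19 or later fixed.

vu176888_status() {
    release=$1
    # Leading "major.minor.patch"; the rest is a vendor or pre-release suffix.
    base=$(printf '%s\n' "$release" |
        sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p')
    [ -n "$base" ] || { echo unknown; return 0; }
    suffix=${release#"$base"}
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 2 ]; }; then
        echo vulnerable      # "2.2.18 and earlier", per the note's wording
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 2 ]; then
        if [ "$patch" -le 18 ]; then
            echo vulnerable
        else
            case "$patch$suffix" in
                19pre*|19-pre*) echo unknown ;;  # pre-release, not 2.2.19 itself
                *)              echo fixed ;;
            esac
        fi
    else
        echo unknown         # assumption: the note does not cover 2.3.x/2.4.x
    fi
}

# Report over "host release" lines read from stdin.
vu176888_report() {
    while read -r host release; do
        printf '%-10s %-16s %s\n' "$host" "$release" "$(vu176888_status "$release")"
    done
}

# Constructed inventory (sample data, not from the advisory).
vu176888_report <<'EOF'
build01    2.2.16-22
mail02     2.2.18pre21
web03      2.2.19-6.2.1
lab04      2.2.19pre3
db05       2.4.2
EOF
```

A vendor kernel can carry the fix under an older upstream version number, so confirm a "vulnerable" result against the vendor advisory for that package.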
VU#176888
Notified: April 03, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera provides a fix to this vulnerability at <http://www.caldera.com/support/security/advisories/CSSA-2001-012.0.txt>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23176888 Feedback>).
Notified: April 19, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva’s fix for this vulnerability is at <http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000394>.
Notified: April 16, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Debian provides a fix to this vulnerability at <http://www.debian.org/security/2001/dsa-047>.
Notified: March 26, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Immunix provides a fix to this vulnerability at <http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-010-01>.
Notified: April 17, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft’s fix for this vulnerability is at <http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-037.php3?dis=7.0>.
Notified: June 15, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD has published Security Advisory 2001-009 to address this issue. For more information, please see <ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-009.txt.asc>.
Notified: April 10, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Progeny Linux Systems provides a fix for this vulnerability at <http://www.securityfocus.com/advisories/3206>.
Notified: April 10, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat provides a fix for this vulnerability at <http://www.redhat.com/support/errata/RHSA-2001-047.html>. This advisory updates the original announcement at <http://www.redhat.com/support/errata/RHSA-2001-013.html>, which did not fix the vulnerability.
Notified: May 17, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
SuSE provides a fix to this vulnerability at <http://www.suse.de/de/support/security/2001_018_kernel_txt.html>.
Notified: April 05, 2001 Updated: May 20, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Trustix provides a fix to this vulnerability at <http://www.trustix.net/errata/misc/2001/TSL-2001-0003-kernel.asc.txt>.
Updated: May 20, 2002
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Wojciech Purczynski, who discovered this vulnerability, reported that Slackware Linux is vulnerable to this flaw.
Thanks to Wojciech Purczynski for discovering this vulnerability.
This document was written by Andrew P. Moore.
CVE IDs: CVE-2001-0317
Severity Metric: 25.99
Date Public: