Linux kernel: Privilege Escalation Vulnerability

Users of Linux kernel please be advised of a privilege escalation vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

SUSE-SA:2010:053: [SUSE-SA:2010:053] Linux kernel privilege escalation
Affected Products: openSUSE 11.2

openSUSE 11.3

Vulnerability Type: local privilege escalation
Problem Description and Brief Discussion

The openSUSE 11.2 and 11.3 kernels were updated to fix 2 critical

security issues and some small bugs.

Following security issues were fixed:

CVE-2010-3904: A local privilege escalation in RDS sockets allowed

local attackers to gain root privileges.

We thank Dan Rosenberg for reporting this problem.

CVE-2010-2963: A problem in the compat ioctl handling in video4linux

allowed local attackers with a video device plugged in to gain root

privileges on x86_64 systems.Read more at http://www.criticalwatch.com

 

Advertisements