CVE-2010-3301
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/15023 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
https://bugzilla.redhat.com/show_bug.cgi?id=634449
http://secunia.com/advisories/42758
http://sota.gen.nz/compat2/
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
http://www.openwall.com/lists/oss-security/2010/09/16/1
http://www.openwall.com/lists/oss-security/2010/09/16/3