• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Linux Kernel chown() System Call Group Ownership Alteration Vulnerability

It is reported that the Linux kernel version 2.6 contains a flaw which allows users to improperly change the group ownership on arbitrary files that they do not own. For the Linux kernel 2.4.X this issue is only exploitable when the kernel NFS server is active, for the 2.6.X kernel this issue is always exploitable.

An attacker may reportedly be able to exploit this issue to gain superuser privileges.

This issue was reported in version 2.6.6, but other versions, including 2.4.X, are also likely vulnerable.