Linux Security Modules Process Capabilities Design Error Vulnerability

It has been reported that Linux Security Modules (LSM) suffers from a design error that could result in host compromise. According to the report, when LSM is loaded as a kernel module, existing processes on the system, including non-root processes, are granted unauthorized capabilities. A malicious user on the system at that time would effectively gain administrative access.

Versions of LSM for Linux kernels 2.5.x and 2.6.x are reported to be affected. LSM on Linux 2.4.x is reportedly not vulnerable.
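A defender's audit for the condition described above, as an added example that is not part of the original advisory: it flags non-root processes whose effective capability set is non-empty. It assumes /proc/<pid>/status exposes the Uid and CapEff lines; the SAMPLE text is constructed, and the allow list is a hypothetical parameter for processes that legitimately hold capabilities.

```python
import os

# Constructed /proc/<pid>/status excerpts (illustrative, not from a real host).
SAMPLE = {
    1: "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\t00000000fffffeff\n",
    812: "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
    977: "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t00000000ffffffff\n",
}

def parse_status(text):
    """Return (name, effective uid, effective capability mask) from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    euid = int(fields["Uid"].split()[1])   # Uid: real, effective, saved, fs
    cap_eff = int(fields["CapEff"], 16)    # hexadecimal capability bitmask
    return fields.get("Name", "?"), euid, cap_eff

def unexpected_caps(status_by_pid, allow=()):
    """List non-root processes that hold any effective capability."""
    hits = []
    for pid, text in sorted(status_by_pid.items()):
        try:
            name, euid, cap_eff = parse_status(text)
        except (KeyError, IndexError, ValueError):
            continue  # truncated or unexpected status text
        if euid != 0 and cap_eff != 0 and name not in allow:
            hits.append((pid, name, euid, hex(cap_eff)))
    return hits

def read_live(proc="/proc"):
    """Collect status text for every numeric entry under /proc."""
    out = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                pass  # process exited or access was denied
    return out

if __name__ == "__main__":
    for hit in unexpected_caps(read_live()):
        print(hit)
```

Run it before and after loading a security module and compare the two listings; any non-root entry that appears only afterwards warrants investigation.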


 

Copyright 2010, SecurityFocus