You are here

T-567: Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges

March 1, 2011 - 6:44pm

Addthis

PROBLEM:

Linux Kernel Buffer Overflow in ldm_frag_add() May Let Local Users Gain Elevated Privileges .

 

PLATFORM:

Linux Kernel 2.4.x, 2.6.x

ABSTRACT:

A vulnerability was reported in the Linux Kernel. A local user may be able to obtain elevated privileges on the target system. A physically local user can connect a storage device with a specially crafted LDM partition table to trigger a buffer overflow in the ldm_frag_add() function in 'fs/partitions/ldm.c' and potentially execute arbitrary code with elevated privileges.

reference LINKS:

Security Tracker - Alert ID: 1025128
Mitre Reference - CVE-2011-1017
Security Tracker - Root access via local system
 

IMPACT ASSESSMENT:

Medium

Discussion:

CVE-2011-1017: A buffer overflow bug in ldm_frag_add in fs/partitions/ldm.c (for LDM partition tables) may allow to escalate privileges or to disclose sensitive information via a corrupted LDM partition table.

Solution:

No solution was available at the time of this entry.

Addthis