• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Linux Kernel do_brk Function Boundary Condition Vulnerability

A vulnerability has been discovered in the Linux kernel when handling user-supplied data passed to the do_brk() function. The problem is said to occur due to the do_brk() function failing to carry out sufficient sanity checking when handling address data supplied by a user. As a result, an attacker may be capable of gaining access to sensitive kernel memory. This could ultimately allow for the attacker to read and write to kernel memory, effectively allowing for elevation of local privileges.