CVE: CAN-2003-0127
Updated: Tue, 06 Jul 2004 14:36:51 +0900
Summary: The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. (text:CAN-2003-0127)
Priority: High
Status: Closed
Source: DSA-311-1, RHSA-2003:135-09, RHSA-2003:098-24
Link:
Resolved In:
  Kernel: 2.4.21-rc2
  Patch:
    Note: Patches are additive
    2.4.21-rc2 http://linux.bkbits.net:8080/linux-2.4/cset@1.930.124.23??nav=index.html
    2.4.21-pre6 http://linux.bkbits.net:8080/linux-2.4/cset@1.930.1.90??nav=index.html
    2.4.21-pre6 http://linux.bkbits.net:8080/linux-2.4/cset@1.930.59.44??nav=index.html
  Red Hat Linux 7.3:
    Vendor: kernel-2.4.18-27.7
    UltraMonkey: kernel-2.4.18-27.7.x.um.1 (initial release)
  Red Hat Linux 8.0:
    Vendor: kernel-2.4.18-27.8
    UltraMonkey: kernel-2.4.18-27.8.0.um.1 (initial release)
  Red Hat Linux 9:
    Vendor: kernel-2.4.20-9
    UltraMonkey: kernel-2.4.20-19.9.um.1 (initial release)
  Fedora Core 1:
    Vendor: (Not Vulnerable >=2.4.21)
    UltraMonkey: (Not Vulnerable >=2.4.21)
  Red Hat Enterprise Linux 3:
    Vendor: (Not Vulnerable >=2.4.21)
    UltraMonkey: (Not Vulnerable >=2.4.21)
  Debian Woody:
    Vendor: kernel-source-2.4.18_2.4.18-8
    UltraMonkey: kernel-source-2.4.20_2.4.20-7.woody.um.1 (initial release)
  Debian Sid:
    Vendor: kernel-source-2.4.20_2.4.20-6
    UltraMonkey: kernel-source-2.4.20_2.4.20-7.woody.um.1 (initial release)