CVE: CAN-2003-0961
Updated: Tue, 06 Jul 2004 14:24:29 +0900
Summary: Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. (text:CAN-2003-0961)
Priority: High
Status: Closed
Source: RHBA-2003:308-12, RHSA-2003:392-05, DSA-403-1, FEDORA-2004-079, FEDORA-2004-080
Link:
  http://www.ultramonkey.org/news_archive.shtml#2003120800
  http://www.ultramonkey.org/news_archive.shtml#2003120300
Resolved In:
  Kernel: 2.4.23-pre7
    Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1136.7.2??nav=index.html
  Red Hat Linux 7.3:
    Vendor: kernel-2.4.20-24.7
    UltraMonkey: kernel-2.4.20-24.7.um.1
  Red Hat Linux 8.0:
    Vendor: kernel-2.4.20-24.8
    UltraMonkey: kernel-2.4.20-24.8.um.1
  Red Hat Linux 9:
    Vendor: kernel-2.4.20-24.9
    UltraMonkey: kernel-2.4.20-24.9.um.1
  Fedora Core 1:
    Vendor: kernel-2.4.22-1.2173.nptl, 2.4.22-1.2174.nptl
    UltraMonkey: kernel-2.4.22-1.2174.nptl.um.2
  Red Hat Enterprise Linux 3:
    Vendor: kernel-2.4.21-4.0.1.EL
    UltraMonkey: kernel-2.4.21-9.EL.um.1 (initial release)
  Debian Woody:
    Vendor: kernel-source-2.4.18_2.4.18_2.4.18-14.1
    UltraMonkey: 2.4.22-1-ipvs_2.4.22-5woody.um.1
  Debian Sid:
    Vendor: kernel-source-2.4.23-2.4.23-1
    UltraMonkey: 2.4.22-1-ipvs_2.4.22-5.um.1