Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 15 Dec 2010 20:59:56 +0800
From: Eugene Teo <>
CC: Marcus Meissner <>,
Subject: Re: CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method

On 12/15/2010 07:00 PM, Marcus Meissner wrote:
> Hi,
> changes /sys/kernel/debug/acpi/custom_method from -w--w--w- to -w-------.
> This custom_method file allows to inject custom ACPI methods into the
> ACPI interpreter tables.
> This control file was introduced with world writeable permissions
> in Linux Kernel 2.6.33.
> Fix is in 2.6.37rc and the stable release so far.
> I would say that privilege escalation is possible.

Please use CVE-2010-4347.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ