TITLE:
Linux Kernel Console Keyboard Mapping Shell Command Injection

SECUNIA ADVISORY ID:
SA17226

VERIFY ADVISORY:
http://secunia.com/advisories/17226/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
Rudolf Polzer has reported a vulnerability in the Linux Kernel, which potentially can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by the way console keyboard mapping is handled. The keyboard map installed by a local user using "loadkeys" is applied to all virtual consoles and is not reset after the user logs out.

Successful exploitation allows malicious console users to inject arbitrary shell commands into certain key mappings, which are executed when the next console user to log on uses the re-mapped key.

The vulnerability has been reported in Kernel 2.6. Other versions may also be affected.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Rudolf Polzer

ORIGINAL ADVISORY:
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334113
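ADDED EXAMPLE (not part of the Secunia advisory or of any vendor code):
Because the keymap survives logout, an administrator can audit the string entries of the active map before a console is used. The sketch below parses text in the format printed by "dumpkeys --funcs-only" and flags entries that carry a line terminator or are not escape sequences; the line format, the ESC-prefix heuristic and the sample input are assumptions made for this example.

```python
import re
import sys

# Assumed line format of `dumpkeys --funcs-only`:  string F1 = "\033[[A"
STRING_LINE = re.compile(r'^\s*string\s+(\S+)\s*=\s*"(.*)"\s*$')
ESCAPE = re.compile(r'\\([0-7]{1,3}|.)')
SIMPLE = {"n": "\n", "\\": "\\", '"': '"'}

# Constructed sample, not captured from a real system.
SAMPLE = r'''
string F1 = "\033[[A"
string F2 = "\033[[B"
string F5 = "echo constructed-marker\n"
string F6 = "echo constructed-marker\012"
string F9 = "hello"
string Insert = "\033[2~"
'''

def decode(raw):
    """Expand dumpkeys backslash escapes into the characters the key sends."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 8)) if tok[0] in "01234567" else SIMPLE.get(tok, tok)
    return ESCAPE.sub(repl, raw)

def audit_keymap(dump_text):
    """Return (key, decoded string, reasons) for each suspicious string entry."""
    findings = []
    for line in dump_text.splitlines():
        m = STRING_LINE.match(line)
        if not m or not m.group(2):
            continue  # not a string definition, or an empty one
        name, value = m.group(1), decode(m.group(2))
        reasons = []
        if "\n" in value or "\r" in value:
            reasons.append("line terminator: the text is submitted as a command line")
        # Heuristic (assumption): stock function-key strings are ESC sequences.
        if not value.startswith("\x1b"):
            reasons.append("not an escape sequence: types plain text")
        if reasons:
            findings.append((name, value, reasons))
    return findings

if __name__ == "__main__":
    # Audit piped input if present, otherwise the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, value, reasons in audit_keymap(text):
        print(f"{name}: {value!r}: " + "; ".join(reasons))
```

Pipe the real dump into the script on standard input; run without piped input it audits the constructed sample.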