Candidate: CVE-2004-1235
References: 
 BUGTRAQ:20050107 Linux kernel sys_uselib local root vulnerability
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
 MISC:http://isec.pl/vulnerabilities/isec-0021-uselib.txt
 CONECTIVA:CLA-2005:930
 URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
 FEDORA:FEDORA-2005-013
 URL:http://www.securityfocus.com/advisories/7806
 FEDORA:FEDORA-2005-014
 URL:http://www.securityfocus.com/advisories/7805
 FEDORA:FLSA:2336
 URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
 MANDRAKE:MDKSA-2005:022
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:022
 REDHAT:RHSA-2005:043
 URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
 REDHAT:RHSA-2005:092
 URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
 TRUSTIX:2005-0001
 URL:http://www.trustix.org/errata/2005/0001/
 CONFIRM:http://www.securityfocus.com/advisories/7804
 BID:12190
 URL:http://www.securityfocus.com/bid/12190
 XF:linux-uselib-gain-privileges(18800)
 URL:http://xforce.iss.net/xforce/xfdb/18800
Description: 
 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls
 for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows
 local users to execute arbitrary code by manipulating the VMA descriptor.
Notes: 
Bugs: 
upstream: 
linux-2.6: 
2.6.8-sarge-security: released (2.6.8-12) [028-do_brk_security_fixes.dpatch]
2.4.27-sarge-security: released (2.4.27-8) [122_sec_brk-locked.diff]
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-14.4)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.18)
2.4.18-woody-security-hppa: released (62.4)