[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] another local root exploit in the Linux kernel (Caldera)



On Mon, Oct 22, 2001 at 05:46:29PM -0700, Martin Siegert wrote:
> Topic
> =====
> Local root exploit in Linux kernel.
> 
> Problem Description
> ===================
> There are two bugs in Linux kernels 2.2.x, x <= 19 and 2.4.y, y <= 10.
> The first vulnerability results in local denial-of-service (DoS) attack
> by forcing  the kernel to spend almost arbitrary amount of time
> on dereferencing a single symlink.
> The second one, involving ptrace once again, can be used to gain root
> privileges locally.

Caldera has released new kernel packages that fix these problems:

Solution
========
In all cases you must reboot after installing the new packages in order
to activate the fixes.

Caldera OpenLinux 2.3
---------------------

rpm -Fvh --force linux-kernel-binary-2.2.10-13.i386.rpm \
              linux-kernel-doc-2.2.10-13.i386.rpm \
              linux-kernel-include-2.2.10-13.i386.rpm \
              linux-source-alpha-2.2.10-13.i386.rpm \
              linux-source-arm-2.2.10-13.i386.rpm \
              linux-source-common-2.2.10-13.i386.rpm \
              linux-source-i386-2.2.10-13.i386.rpm \
              linux-source-m68k-2.2.10-13.i386.rpm \
              linux-source-mips-2.2.10-13.i386.rpm \
              linux-source-ppc-2.2.10-13.i386.rpm \
              linux-source-sparc-2.2.10-13.i386.rpm \
              linux-source-sparc64-2.2.10-13.i386.rpm \
              pcmcia-cs-3.0.14-4.i386.rpm

Caldera OpenLinux eServer 2.3.1
-------------------------------

rpm -Fvh linux-kernel-binary-2.2.14-12S.i386.rpm \
              linux-kernel-doc-2.2.14-12S.i386.rpm \
              linux-kernel-include-2.2.14-12S.i386.rpm \
              linux-source-alpha-2.2.14-12S.i386.rpm \
              linux-source-arm-2.2.14-12S.i386.rpm \
              linux-source-common-2.2.14-12S.i386.rpm \
              linux-source-i386-2.2.14-12S.i386.rpm \
              linux-source-m68k-2.2.14-12S.i386.rpm \
              linux-source-mips-2.2.14-12S.i386.rpm \
              linux-source-ppc-2.2.14-12S.i386.rpm \
              linux-source-sparc-2.2.14-12S.i386.rpm \
              linux-source-sparc64-2.2.14-12S.i386.rpm \
              pcmcia-cs-3.1.4-4.i386.rpm

Caldera OpenLinux eDesktop 2.4
------------------------------

rpm -Fvh hwprobe-20000214-5.i386.rpm iBCS-2.1-11.i386.rpm \
              linux-kernel-binary-2.2.14-8.i386.rpm \
              linux-kernel-doc-2.2.14-8.i386.rpm \
              linux-kernel-include-2.2.14-8.i386.rpm \
              linux-source-alpha-2.2.14-8.i386.rpm \
              linux-source-arm-2.2.14-8.i386.rpm \
              linux-source-common-2.2.14-8.i386.rpm \
              linux-source-i386-2.2.14-8.i386.rpm \
              linux-source-m68k-2.2.14-8.i386.rpm \
              linux-source-mips-2.2.14-8.i386.rpm \
              linux-source-ppc-2.2.14-8.i386.rpm \
              linux-source-sparc-2.2.14-8.i386.rpm \
              linux-source-sparc64-2.2.14-8.i386.rpm \
              pcmcia-cs-3.1.8-4.i386.rpm

Caldera OpenLinux 3.1 Server
----------------------------

/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13S.i386.rpm \
              linux-kernel-include-2.4.2-13S.i386.rpm \
              linux-source-alpha-2.4.2-13S.i386.rpm \
              linux-source-arm-2.4.2-13S.i386.rpm \
              linux-source-common-2.4.2-13S.i386.rpm \
              linux-source-i386-2.4.2-13S.i386.rpm \
              linux-source-ia64-2.4.2-13S.i386.rpm \
              linux-source-m68k-2.4.2-13S.i386.rpm \
              linux-source-mips-2.4.2-13S.i386.rpm \
              linux-source-ppc-2.4.2-13S.i386.rpm \
              linux-source-s390-2.4.2-13S.i386.rpm \
              linux-source-sparc-2.4.2-13S.i386.rpm \
              linux-source-superH-2.4.2-13S.i386.rpm
/sbin/depmod -a

Caldera OpenLinux 3.1 Workstation
---------------------------------

/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13D.i386.rpm \
              linux-kernel-include-2.4.2-13D.i386.rpm \
              linux-source-alpha-2.4.2-13D.i386.rpm \
              linux-source-arm-2.4.2-13D.i386.rpm \
              linux-source-common-2.4.2-13D.i386.rpm \
              linux-source-i386-2.4.2-13D.i386.rpm \
              linux-source-ia64-2.4.2-13D.i386.rpm \
              linux-source-m68k-2.4.2-13D.i386.rpm \
              linux-source-mips-2.4.2-13D.i386.rpm \
              linux-source-ppc-2.4.2-13D.i386.rpm \
              linux-source-s390-2.4.2-13D.i386.rpm \
              linux-source-sparc-2.4.2-13D.i386.rpm \
              linux-source-superH-2.4.2-13D.i386.rpm
         
/sbin/depmod -a