[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] local root exploit in Linux kernel (redhat, debian)

To: linux-security
Subject: Re: [linux-security] local root exploit in Linux kernel (redhat, debian)
From: Martin Siegert <siegert@sfu.ca>
Date: Tue, 17 Apr 2001 13:24:38 -0700
In-Reply-To: <20010402190047.A16595@stikine.ucs.sfu.ca>; from siegert@sfu.ca on Mon, Apr 02, 2001 at 07:00:47PM -0700
References: <20010402190047.A16595@stikine.ucs.sfu.ca>
User-Agent: Mutt/1.2.5i

On Mon, Apr 02, 2001 at 07:00:47PM -0700, Martin Siegert wrote:
> Topic
> =====
> local root exploit in Linux kernel.

RedHat and Debian have released updated kernel versions 2.2.19 that fix
the local root exploit.

Update information:

RedHat 6.x
----------
The procedure for upgrading the kernel is documented at:

http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Find out which type of kernel you are running:
rpm -q kernel
rpm -q kernel-smp
rpm -q kernel-ibcs
rpm -q kernel-pcmcia-cs

Then install only those kernel rpms that you have installed, i.e., execute
only those of the following commands for your platform, that install a kernel
package of which you have an earlier version installed.

i386:
rpm -ivh kernel-2.2.19-6.2.1.i386.rpm
rpm -ivh kernel-smp-2.2.19-6.2.1.i386.rpm
rpm -ivh kernel-ibcs-2.2.19-6.2.1.i386.rpm
rpm -ivh kernel-pcmcia-cs-2.2.19-6.2.1.i386.rpm

i586:
rpm -ivh kernel-2.2.19-6.2.1.i586.rpm
rpm -ivh kernel-smp-2.2.19-6.2.1.i586.rpm

i686:
rpm -ivh kernel-2.2.19-6.2.1.i686.rpm
rpm -ivh kernel-smp-2.2.19-6.2.1.i686.rpm
rpm -ivh kernel-enterprise-2.2.19-6.2.1.i686.rpm

After installing the new kernel upgrade the following packages:

rpm -Fvh nfs-utils-0.3.1-0.6.x.i386.rpm \
         mount-2.10r-0.6.x.i386.rpm \
         losetup-2.10r-0.6.x.i386.rpm \
         kernel-doc-2.2.19-6.2.1.i386.rpm \
         kernel-headers-2.2.19-6.2.1.i386.rpm \
         kernel-source-2.2.19-6.2.1.i386.rpm \
         kernel-utils-2.2.19-6.2.1.i386.rpm

RedHat 7.0
----------
The upgrade procedure goes along the same lines as described under 6.x.
Here are the correxponding upgrade commands:

i386:
rpm -ivh kernel-2.2.19-7.0.1.i386.rpm
rpm -ivh kernel-smp-2.2.19-7.0.1.i386.rpm
rpm -ivh kernel-ibcs-2.2.19-7.0.1.i386.rpm
rpm -ivh kernel-pcmcia-cs-2.2.19-7.0.1.i386.rpm

i586:
rpm -ivh kernel-2.2.19-7.0.1.i586.rpm
rpm -ivh kernel-smp-2.2.19-7.0.1.i586.rpm

i686:
rpm -ivh kernel-2.2.19-7.0.1.i686.rpm
rpm -ivh kernel-smp-2.2.19-7.0.1.i686.rpm
rpm -ivh kernel-enterprise-2.2.19-7.0.1.i686.rpm

For all platforms:
rpm -Uvh nfs-utils-0.3.1-6.i386.rpm \
         mount-2.10r-5.i386.rpm \
         losetup-2.10r-5.i386.rpm \
         kernel-doc-2.2.19-7.0.1.i386.rpm \
         kernel-utils-2.2.19-7.0.1.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade the following packages

kernel-headers-2.2.19-compact_2.2.19-2_i386.deb
kernel-headers-2.2.19-ide_2.2.19-2_i386.deb
kernel-headers-2.2.19-idepci_2.2.19-2_i386.deb
kernel-headers-2.2.19_2.2.19-2_i386.deb
kernel-image-2.2.19-compact_2.2.19-2_i386.deb
kernel-image-2.2.19-ide_2.2.19-2_i386.deb
kernel-image-2.2.19-idepci_2.2.19-2_i386.deb
kernel-image-2.2.19_2.2.19-2_i386.deb
kernel-doc-2.2.19_2.2.19-2_all.deb
kernel-source-2.2.19_2.2.19-2_all.deb

References:
- [linux-security] local root exploit in Linux kernel
  - From: Martin Siegert <siegert@sfu.ca>
- [linux-security] local root exploit in Linux kernel
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: Re: [linux-security] ALERT: remote root exploit in ntpd (addendum)
Next by Date: [linux-security] new rpm packages released
Prev by thread: Re: [linux-security] local root exploit in Linux kernel (Caldera)
Next by thread: Re: [linux-security] local root exploit in Linux kernel (mandrake)
Index(es):
- Date
- Thread