[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] local root exploit in Linux kernel
- To: linux-security@sfu.ca
- Subject: [linux-security] local root exploit in Linux kernel
- From: Martin Siegert <siegert@sfu.ca>
- Date: Sat, 13 Mar 2004 16:25:58 -0800
- User-Agent: Mutt/1.4.1i
Topic
=====
local root exploit in Linux kernel
Problem Description
===================
A second vulnerability has been found in the Linux kernel memory management
code inside the mremap system call due to missing function return value
check. This bug is completely unrelated to the mremap bug reported in the
previous kernel advisory except that it concerns the same internal kernel
function code.
This vulnerability can be exploited by local users to gain root priviledges.
Affected Versions
=================
Linux kernel versions 2.2.x with x < 26, 2.4.y with y < 25, 2.6.z with z < 3
Solution
========
upgrade to kernel versions 2.2.26, 2.4.25, or 2.6.3 (or later)
[or patched version for your distribution]
SFU 1.0 (RedHat 7.3)
--------------------
(packages can be found at ftp://ftp.sfu.ca/pub/linux/1.0/RPMS/
or on sphinx.sfu.ca in /vol/vol0/distrib/sfu/1.0/RPMS)
rpm -ivh kernel<type>-2.4.20-30.7.<arch>.rpm
where <type> is either empty, "-smp" or "-bigmem" and <arch> is one of
i386, i586, i686, athlon.
rpm -Fvh kernel-source-2.4.20-30.7.i386.rpm \
kernel-doc-2.4.20-30.7.i386.rpm
RedHat 9
--------
rpm -ivh kernel<type>-2.4.20-30.9.<arch>.rpm
where <type> is either empty, "-smp" or "-bigmem" and <arch> is one of
i386, i586, i686, athlon.
rpm -Fvh kernel-source-2.4.20-30.9.i386.rpm \
kernel-doc-2.4.20-30.9.i386.rpm
SuSE-8.1
--------
rpm -ivh k_<type>-2.4.21-189.i586.rpm
where <type> is one of deflt, smp, psmp, athlon.
You can determine the correct type for your system with the command:
rpm -qf /boot/vmlinuz
rpm -Fvh kernel-source-2.4.21-189.i586.rpm
SuSE-8.2
--------
rpm -ivh k_<type>-2.4.20-105.i586.rpm
where <type> is one of deflt, smp, psmp, athlon.
You can determine the correct type for your system with the command:
rpm -qf /boot/vmlinuz
rpm -Fvh kernel-source-2.4.20.SuSE-104.i586.rpm
SuSE-9.0
--------
rpm -ivh k_<type>-2.4.21-192.i586.rpm
where <type> is one of deflt, smp, smp4G, um, athlon.
You can determine the correct type for your system with the command:
rpm -qf /boot/vmlinuz
rpm -Fvh kernel-source-2.4.21-192.i586.rpm
Fedora 1
--------
rpm -ivh kernel<type>-2.4.22-1.2174.nptl.<arch>.rpm
where <type> is either empty or "-smp" and <arch> is one of
i586, i686, athlon.
rpm -Fvh kernel-source-2.4.22-1.2174.nptl.i386.rpm \
kernel-doc-2.4.22-1.2174.nptl.i386.rpm
Debian 3.0 (woody)
------------------
upgrade to one of kernel-image-2.2.20_2.2.20-5woody5_i386.deb
kernel-image-2.2.20-compact_2.2.20-5woody5_i386.deb
kernel-image-2.2.20-idepci_2.2.20-5woody5_i386.deb
kernel-image-2.2.20-reiserfs_2.2.20-4woody1_i386.deb
and one of kernel-headers-2.2.20_2.2.20-5woody5_i386.deb
kernel-headers-2.2.20-compact_2.2.20-5woody5_i386.deb
kernel-headers-2.2.20-idepci_2.2.20-5woody5_i386.deb
kernel-headers-2.2.20-reiserfs_2.2.20-4woody1_i386.deb
and kernel-doc-2.2.20_2.2.20-5woody3_all.deb
kernel-source-2.2.20_2.2.20-5woody3_all.deb
Mandrake 9.0
------------
rpm -ivh kernel<type>-2.4.19.38mdk-1-1mdk.i586.rpm
where <type> is either empty or "-smp", "-enterprise", or "-secure".
rpm -Fvh kernel-source-2.4.19-38mdk.i586.rpm
Mandrake 9.1
------------
rpm -ivh kernel<type>-2.4.21.0.28mdk-1-1mdk.i586.rpm
where <type> is either empty or "-smp", "-enterprise", or "-secure".
rpm -Fvh kernel-source-2.4.21-0.28mdk.i586.rpm
Mandrake 9.2
------------
rpm -ivh kernel<type>-2.4.22.28mdk-1-1mdk.i586.rpm
where <type> is either empty or "-smp", "-enterprise", "-secure",
"-i686-up-4GB" or "-p3-smp-64GB".
rpm -Fvh kernel-source-2.4.22-28mdk.i586.rpm