7321207 2001-10-18 17:11 -0600 /357 rader/ Support Info <supinfo@caldera.com>
Sänt av: joel@lysator.liu.se
Importerad: 2001-10-19 06:21 av Brevbäraren
Extern mottagare: announce@lists.caldera.com
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: linux-security@redhat.com
Extern mottagare: linuxlist@securityportal.com
Mottagare: Bugtraq (import) <19496>
Ärende: Security Update: [CSSA-2001-036.0] Linux - Several Linux Kernel Security Problems
------------------------------------------------------------
From: Support Info <supinfo@caldera.com>
To: announce@lists.caldera.com, bugtraq@securityfocus.com,
linux-security@redhat.com, linuxlist@securityportal.com
Message-ID: <20011018171127.A14055@phoenix.calderasystems.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux - several linux kernel security problems
Advisory number: CSSA-2001-036.0
Issue date: 2001, October 18
Cross reference:
______________________________________________________________________________
1. Problem Description
Yet another ptrace race condition has been found which allows local
attackers to get access to the root account.
Also, a local attacker can use a recursive symlink structure setup
to effectively cause all filesystem actions to hang for an infinite
amount of time.
The IPTABLES implementation in the 2.4 kernel also had a problem in
the RELATED connection handling of the ip_conntrack_module which is
fixed by the supplied packages.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
linux-2.2.10-13
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder linux-2.2.14-12S
OpenLinux eDesktop 2.4 All packages previous to
linux-2.2.14-8
OpenLinux Server 3.1 All packages previous to
linux-2.4.2-13S
OpenLinux Workstation 3.1 All packages previous to
linux-2.4.2-13D
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
32c753ec6dadc0f17aa1f8816c639258
linux-kernel-binary-2.2.10-13.i386.rpm
658484d165b5aa98abe0a8ccc3b413b9
linux-kernel-doc-2.2.10-13.i386.rpm
be8f85ee1d99495302b9b80db3a906f7
linux-kernel-include-2.2.10-13.i386.rpm
ca9cc1518d899208659fae690c4ef79a
linux-source-alpha-2.2.10-13.i386.rpm
41bb1351cd4db90a1958852637ffd764
linux-source-arm-2.2.10-13.i386.rpm
e85e1efc352d6fd2475e0b5ca466fe2f
linux-source-common-2.2.10-13.i386.rpm
717b44fa64a521312d6dbc961a72541e
linux-source-i386-2.2.10-13.i386.rpm
1fef2cc0899f4bfebc47b88524284496
linux-source-m68k-2.2.10-13.i386.rpm
84833d03056c2c680a24913f5e3797f7
linux-source-mips-2.2.10-13.i386.rpm
2475e6c69ecd2e2917b50b951b9eca6b
linux-source-ppc-2.2.10-13.i386.rpm
2b5714eb6ff0397e5fba9f23e2bb1ef7
linux-source-sparc-2.2.10-13.i386.rpm
5cd6a57d8ede20fda0fb88834c7360b4
linux-source-sparc64-2.2.10-13.i386.rpm
cbde8a50017727fff85603aae5c53db7 pcmcia-cs-3.0.14-4.i386.rpm
c97ea2d01d25eaa772e4097967bc6b7f linux-2.2.10-13.src.rpm
ccc40c5a90dae7ac0608fa4587aaf074 pcmcia-cs-3.0.14-4.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh --force linux-kernel-binary-2.2.10-13.i386.rpm \
linux-kernel-doc-2.2.10-13.i386.rpm \
linux-kernel-include-2.2.10-13.i386.rpm \
linux-source-alpha-2.2.10-13.i386.rpm \
linux-source-arm-2.2.10-13.i386.rpm \
linux-source-common-2.2.10-13.i386.rpm \
linux-source-i386-2.2.10-13.i386.rpm \
linux-source-m68k-2.2.10-13.i386.rpm \
linux-source-mips-2.2.10-13.i386.rpm \
linux-source-ppc-2.2.10-13.i386.rpm \
linux-source-sparc-2.2.10-13.i386.rpm \
linux-source-sparc64-2.2.10-13.i386.rpm \
pcmcia-cs-3.0.14-4.i386.rpm
Please reboot to activate fixes.
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
b8a6089505a26cde57351690d7c6fe16
linux-kernel-binary-2.2.14-12S.i386.rpm
3b6226cc2be698ff5399962b53c65f19
linux-kernel-doc-2.2.14-12S.i386.rpm
63ce75c07a9cad64cb27660885c12747
linux-kernel-include-2.2.14-12S.i386.rpm
9ad03cc52cc534f200b6148bfabe2caf
linux-source-alpha-2.2.14-12S.i386.rpm
ecdb11e2b8dd146dd67a08a27674a1d4
linux-source-arm-2.2.14-12S.i386.rpm
b1be6a17c6c2a455b550cf70ac1a52b3
linux-source-common-2.2.14-12S.i386.rpm
bf281540084025a7d845483536454670
linux-source-i386-2.2.14-12S.i386.rpm
cfab27a2ef42dc18bbb45e5f46dc78de
linux-source-m68k-2.2.14-12S.i386.rpm
63e723100db1117a9c3ed6539c388bcf
linux-source-mips-2.2.14-12S.i386.rpm
395d7553fbb15c6024a73d211e2592f7
linux-source-ppc-2.2.14-12S.i386.rpm
4f47a4677747e6b4220bed3b5275c882
linux-source-sparc-2.2.14-12S.i386.rpm
48224275244e8ede28a26b31a854660f
linux-source-sparc64-2.2.14-12S.i386.rpm
225740b2d7268d79efc9ccaefe6a3b5c pcmcia-cs-3.1.4-4.i386.rpm
b7a5b6395147fe913557df93e7c7af68 linux-2.2.14-12S.src.rpm
e8118ebaf2a937053d02bd1948fe5461 pcmcia-cs-3.1.4-4.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh linux-kernel-binary-2.2.14-12S.i386.rpm \
linux-kernel-doc-2.2.14-12S.i386.rpm \
linux-kernel-include-2.2.14-12S.i386.rpm \
linux-source-alpha-2.2.14-12S.i386.rpm \
linux-source-arm-2.2.14-12S.i386.rpm \
linux-source-common-2.2.14-12S.i386.rpm \
linux-source-i386-2.2.14-12S.i386.rpm \
linux-source-m68k-2.2.14-12S.i386.rpm \
linux-source-mips-2.2.14-12S.i386.rpm \
linux-source-ppc-2.2.14-12S.i386.rpm \
linux-source-sparc-2.2.14-12S.i386.rpm \
linux-source-sparc64-2.2.14-12S.i386.rpm \
pcmcia-cs-3.1.4-4.i386.rpm
Please reboot to activate fixes.
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
1a36056ca0abe8942fa78b5358e7a613 hwprobe-20000214-5.i386.rpm
a7e75d7133ee094e1c30695b58382414 iBCS-2.1-11.i386.rpm
fd002d7ec09fc9acea25db34d4f440aa
linux-kernel-binary-2.2.14-8.i386.rpm
6a8e1752508e78e75d5ba0cc885aeeb5
linux-kernel-doc-2.2.14-8.i386.rpm
a59bbd344ce23efbca734f66b98dba9c
linux-kernel-include-2.2.14-8.i386.rpm
897a5b1626477aa870a4ccdff523e0d6
linux-source-alpha-2.2.14-8.i386.rpm
ec76c541c835a14dd0d64d8b61d8161d
linux-source-arm-2.2.14-8.i386.rpm
0863df1fef0ccca6e1d4453885efcd53
linux-source-common-2.2.14-8.i386.rpm
1848e2d677d8f0a33bbce5bf0aba7632
linux-source-i386-2.2.14-8.i386.rpm
63b420df19c35e9259d6b750fd115dee
linux-source-m68k-2.2.14-8.i386.rpm
019acea7a54afece45107d0b1e8e251c
linux-source-mips-2.2.14-8.i386.rpm
65596e7ae3fbf7ed5e359e82ca5afabf
linux-source-ppc-2.2.14-8.i386.rpm
ae2456ef0760bb141a94d176bea8e0e1
linux-source-sparc-2.2.14-8.i386.rpm
98d6a63ce8724870d1c523fbdf564770
linux-source-sparc64-2.2.14-8.i386.rpm
7f902cf665550ced197f33d514fdf017 pcmcia-cs-3.1.8-4.i386.rpm
d5ce976ed4ecbe6e0e79b3e5fad10b2b hwprobe-20000214-5.src.rpm
2edc7bd10bb616bd3491dcda25419e72 iBCS-2.1-11.src.rpm
b0176aae4c7f634fe848eba57a18631f linux-2.2.14-8.src.rpm
0c35d5fd0362c31b907f1d609f0426c7 pcmcia-cs-3.1.8-4.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh hwprobe-20000214-5.i386.rpm iBCS-2.1-11.i386.rpm \
linux-kernel-binary-2.2.14-8.i386.rpm \
linux-kernel-doc-2.2.14-8.i386.rpm \
linux-kernel-include-2.2.14-8.i386.rpm \
linux-source-alpha-2.2.14-8.i386.rpm \
linux-source-arm-2.2.14-8.i386.rpm \
linux-source-common-2.2.14-8.i386.rpm \
linux-source-i386-2.2.14-8.i386.rpm \
linux-source-m68k-2.2.14-8.i386.rpm \
linux-source-mips-2.2.14-8.i386.rpm \
linux-source-ppc-2.2.14-8.i386.rpm \
linux-source-sparc-2.2.14-8.i386.rpm \
linux-source-sparc64-2.2.14-8.i386.rpm \
pcmcia-cs-3.1.8-4.i386.rpm
Please reboot to activate fixes.
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
7.2 Verification
5161253d46349fff42067e5702a34dad
linux-kernel-binary-2.4.2-13S.i386.rpm
ec254ad980b0505afc084ba6df09c092
linux-kernel-include-2.4.2-13S.i386.rpm
63d9fb7e589def7b9532ab21b82622b3
linux-source-alpha-2.4.2-13S.i386.rpm
609904b41f2bb4292c82460bf5eec0e9
linux-source-arm-2.4.2-13S.i386.rpm
7ea16f6aaa07ec0521cd391e0dc5d514
linux-source-common-2.4.2-13S.i386.rpm
f63f020fd7a7f553c5d0c568ce2af5c2
linux-source-i386-2.4.2-13S.i386.rpm
a65443cf11bea4bb5b96e3bdf58fe1b8
linux-source-ia64-2.4.2-13S.i386.rpm
d2fc13e507eb0ea3e3efbeb7f997de36
linux-source-m68k-2.4.2-13S.i386.rpm
afda830d9544aacc7a2fd21b0e2a6c21
linux-source-mips-2.4.2-13S.i386.rpm
6fb7efb46e508eeb0026329c5b5ff3f4
linux-source-ppc-2.4.2-13S.i386.rpm
2c2be2906e6975ec275e358d7965c08b
linux-source-s390-2.4.2-13S.i386.rpm
270dec86a98cfb100d5f7d03041952c7
linux-source-sparc-2.4.2-13S.i386.rpm
7c649a68cb47f833c49ca8575a53c5b8
linux-source-superH-2.4.2-13S.i386.rpm
d78d52a8b036c023c5182a26d50a15aa linux-2.4.2-13S.src.rpm
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13S.i386.rpm \
linux-kernel-include-2.4.2-13S.i386.rpm \
linux-source-alpha-2.4.2-13S.i386.rpm \
linux-source-arm-2.4.2-13S.i386.rpm \
linux-source-common-2.4.2-13S.i386.rpm \
linux-source-i386-2.4.2-13S.i386.rpm \
linux-source-ia64-2.4.2-13S.i386.rpm \
linux-source-m68k-2.4.2-13S.i386.rpm \
linux-source-mips-2.4.2-13S.i386.rpm \
linux-source-ppc-2.4.2-13S.i386.rpm \
linux-source-s390-2.4.2-13S.i386.rpm \
linux-source-sparc-2.4.2-13S.i386.rpm \
linux-source-superH-2.4.2-13S.i386.rpm
/sbin/depmod -a
Please reboot to activate fixes.
8. OpenLinux 3.1 Workstation
8.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
8.2 Verification
44a4d5cf6ba18e3476f9d8c49f9b6a04
linux-kernel-binary-2.4.2-13D.i386.rpm
41f5b6310a6698ef04cb4991e5d7daf4
linux-kernel-include-2.4.2-13D.i386.rpm
e0452c8f2e6eaf32df13597c5099437a
linux-source-alpha-2.4.2-13D.i386.rpm
b699082a6a539b677cabe7bb5000afe7
linux-source-arm-2.4.2-13D.i386.rpm
66927eef4dd9866d2ed500e61f552443
linux-source-common-2.4.2-13D.i386.rpm
ca948ee3d575a3ad188c31d9bbfca52f
linux-source-i386-2.4.2-13D.i386.rpm
43ce53295736902f1083fb54a55c38b1
linux-source-ia64-2.4.2-13D.i386.rpm
23bf17a23328ed04f2344de1aeb31321
linux-source-m68k-2.4.2-13D.i386.rpm
645f2554c0d10c342d476b88f64b793c
linux-source-mips-2.4.2-13D.i386.rpm
eebe1818d5d1aeeeb627f4187dd46852
linux-source-ppc-2.4.2-13D.i386.rpm
c78a13304eeedade4dfad8373da9f52e
linux-source-s390-2.4.2-13D.i386.rpm
33c67ff27fd860124956be11cd9f0c57
linux-source-sparc-2.4.2-13D.i386.rpm
c26bbc1c02b5746acab717e21075f378
linux-source-superH-2.4.2-13D.i386.rpm
062586fa561848495954969fd3f8bf73 linux-2.4.2-13D.src.rpm
8.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13D.i386.rpm \
linux-kernel-include-2.4.2-13D.i386.rpm \
linux-source-alpha-2.4.2-13D.i386.rpm \
linux-source-arm-2.4.2-13D.i386.rpm \
linux-source-common-2.4.2-13D.i386.rpm \
linux-source-i386-2.4.2-13D.i386.rpm \
linux-source-ia64-2.4.2-13D.i386.rpm \
linux-source-m68k-2.4.2-13D.i386.rpm \
linux-source-mips-2.4.2-13D.i386.rpm \
linux-source-ppc-2.4.2-13D.i386.rpm \
linux-source-s390-2.4.2-13D.i386.rpm \
linux-source-sparc-2.4.2-13D.i386.rpm \
linux-source-superH-2.4.2-13D.i386.rpm
/sbin/depmod -a
Please reboot to activate fixes.
9. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10659,
10660, 9821.
10. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera OpenLinux.
11. Acknowledgements
Caldera International wishes to thank Rafal Wojtczuk for spotting
and reporting these problems, and Solar Designer and Linus
Torvalds for
providing fixes.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7zuVL18sy83A/qfwRAjsYAJ45iDBCp7sAez5+OnYDj2vtbtg0/QCcC9/f
svO+WZ6We1enZrDIZPMpC+w=
=/J4T
-----END PGP SIGNATURE-----
(7321207) /Support Info <supinfo@caldera.com>/(Ombruten)