[linux-security] another local root exploit in the Linux kernel
- To: linux-security
- Subject: [linux-security] another local root exploit in the Linux kernel
- From: Martin Siegert <siegert@sfu.ca>
- Date: Mon, 22 Oct 2001 17:46:29 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
Local root exploit in Linux kernel.
Problem Description
===================
There are two bugs in Linux kernels 2.2.x, x <= 19 and 2.4.y, y <= 10.
The first vulnerability allows a local denial-of-service (DoS) attack
by forcing the kernel to spend an almost arbitrary amount of time
on dereferencing a single symlink.
The second one, involving ptrace once again, can be used to gain root
privileges locally.
Affected Systems
================
Linux Systems with kernels 2.2.x x <= 19 and 2.4.y, y <= 10.
Solution
========
Upgrade to kernel 2.4.12 or a patched kernel for your distribution,
or use the appended patches to patch the kernel source and recompile the kernel.
At this point in time only RedHat has released new kernels, but also
only for RH 7.1. It is unclear whether RedHat kernels 2.2.19
that are used, e.g., with RH 6.2 are not affected by these bugs.
I will send additional notes to this list about these issues as soon
as I know more.
RedHat 7.1
----------
    rpm -Fvh kernel-source-2.4.9-6.i386.rpm \
             kernel-headers-2.4.9-6.i386.rpm \
             initscripts-5.84.1-1.i386.rpm \
             mkinitrd-3.2.6-1.i386.rpm \
             e2fsprogs-1.23-1.7.1.i386.rpm \
             e2fsprogs-devel-1.23-1.7.1.i386.rpm \
             tux-2.1.0-2.i386.rpm \
             modutils-2.4.6-4.i386.rpm \
             filesystem-2.1.0-2.1.noarch.rpm
To find out which kernel you need type: "uname -a". This will result in
a response like:
    Linux <hostname> 2.4.3-12<ext> #1 <SMP> Sun Apr 8 19:37:14 EDT 2001 <arch> unknown
Here <ext> is either not present or "smp" or "enterprise", <SMP> is either
not present or "SMP" and <arch> is either "i386", "i586", or "i686".
If <ext> is not present, install the regular kernel:
    rpm -ivh kernel-2.4.9-6.<arch>.rpm
If <ext> is "smp" and <SMP> is "SMP", install the smp kernel:
    rpm -ivh kernel-smp-2.4.9-6.<arch>.rpm
If <ext> is "enterprise", install the enterprise kernel:
    rpm -ivh kernel-enterprise-2.4.9-6.i686.rpm
After that you must edit /etc/lilo.conf:
There should be a section that looks like:
    image=/boot/vmlinuz-2.4.3-12smp
        label=linux
        read-only
        root=/dev/hda1
Depending on your configuration the section under
    image=/boot/vmlinuz-2.4.3-12smp
may contain some more lines, in particular you may see an
    initrd=/boot/initrd-2.4.3-12smp.img
line.
Copy this section as a whole under the initial section that usually starts
with "boot=/dev/hda" and ends with "default=linux".
Then change all occurrences of the old version (in the example above that
would be 2.4.3-12smp) to the new version, e.g., 2.4.9-6smp.
In the old section change the line "label=linux" to "label=linux-2.4.3"
(or anything other than "linux").
If your lilo.conf file shows that you are using an initial RAM disk, i.e.,
you have lines starting with "initrd= ... ", you must create that image
as well:
    /sbin/mkinitrd /boot/initrd-2.4.9-6<ext> 2.4.9-6<ext>
After that run "/sbin/lilo" and reboot.
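
The package choice and the lilo.conf edit described above, as an added shell example that is not part of the original advisory. The function names, the "linux-old" label for the old entry, and the sample configuration are assumptions made for illustration; the script writes the new configuration to standard output and does not touch /etc/lilo.conf.

```shell
# Added example, not from the advisory. NEW is the errata version it names.
NEW=2.4.9-6
# kernel_pkg RELEASE ARCH: RPM to install (RELEASE as in `uname -r`, ARCH as in `uname -m`)
kernel_pkg() {
    case "$1" in
        *enterprise) echo "kernel-enterprise-$NEW.i686.rpm" ;;
        *smp)        echo "kernel-smp-$NEW.$2.rpm" ;;
        *)           echo "kernel-$NEW.$2.rpm" ;;
    esac
}

# lilo_add_entry OLDVER NEWVER < lilo.conf: copy the image stanza of OLDVER in front
# of the first stanza with OLDVER replaced by NEWVER, and relabel the old stanza
# ("linux-old" is an assumed label) so that default=linux boots the new kernel.
lilo_add_entry() {
    awk -v old="$1" -v new="$2" '
    function repl(s, a, b,   out, p) {      # literal replace, no regex
        while ((p = index(s, a)) > 0) {
            out = out substr(s, 1, p - 1) b; s = substr(s, p + length(a))
        }
        return out s
    }
    { line[NR] = $0; v = $0; sub(/[ \t]*$/, "", v) }
    v ~ /^[ \t]*(image|other)[ \t]*=/ {     # a new stanza starts here
        if (!first) first = NR; k = "vmlinuz-" old
        hit = (v ~ /^[ \t]*image/ && substr(v, length(v) - length(k) + 1) == k)
        found = found || hit
    }
    hit { tgt[NR] = 1 }                     # lines of the old kernel stanza
    END {
        if (!found) exit 1                  # no stanza for OLDVER: change nothing
        for (i = 1; i <= NR; i++) {
            if (i == first) for (j = 1; j <= NR; j++)
                if (j in tgt) print repl(line[j], old, new)
            if ((i in tgt) && line[i] ~ /^[ \t]*label[ \t]*=[ \t]*linux[ \t]*$/)
                sub(/linux[ \t]*$/, "linux-old", line[i])
            print line[i]
        }
    }'
}

# Constructed sample modelled on the section shown above (not a real config).
SAMPLE='boot=/dev/hda
default=linux
image=/boot/vmlinuz-2.4.3-12smp
    label=linux
    initrd=/boot/initrd-2.4.3-12smp.img
    root=/dev/hda1'
kernel_pkg 2.4.3-12smp i686
printf '%s\n' "$SAMPLE" | lilo_add_entry 2.4.3-12smp "${NEW}smp"
```

Compare the output with the existing /etc/lilo.conf before installing it; the mkinitrd and /sbin/lilo steps above still have to be run by hand.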