[linux-security] DoS and local root exploits in Linux kernel



[This is a resend of the previous advisory, which was incomplete.]

Topic
=====
- Remote DoS attack possible because of a vulnerability in the Linux kernel
- Flaw in the kernel allows local privilege escalation

Problem Description
===================
The route cache implementation in Linux 2.4, and the Netfilter IP
conntrack module, allows remote attackers to cause a denial of service
(CPU consumption) via packets with forged source addresses that cause a
large number of hash table collisions related to the PREROUTING chain.

A flaw has been found in the "ioperm" system call, which fails to properly
restrict privileges. This flaw can allow an unprivileged local user to
gain read and write access to I/O ports on the system.

Affected Versions
=================
All 2.4.x versions with x <= 20 (2.4.20 being the newest).

Solution
========
Upgrade to the patched version for your distribution.
(Both problems have been fixed in 2.4.21-rc4; 2.4.21 will probably be
released within the next few weeks.)

Upgrading kernel packages differs from upgrading other packages. In
particular, you do not use the -U or -F rpm flags but the -i flag for
the rpm command to install a kernel package. You must also change the
"default" line in /etc/grub.conf (if you are using the grub bootloader)
to reflect the new kernel. Note that the first kernel entry in grub.conf
corresponds to "default=0"! If you are still using lilo, you must modify
the lilo.conf file and then run /sbin/lilo.
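
To confirm before rebooting that the "default" line really selects the patched kernel, the check below can be run against grub.conf. It is an added example, not part of the original advisory; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): which entry will legacy GRUB boot?
# Entries are numbered from 0 in the order of their "title" lines.

# Print the value of the "default" line; GRUB uses 0 when there is none.
grub_default_index() {
    awk '/^[ \t]*default[ \t=]/ { sub(/^[ \t]*default[ \t=]+/, ""); sub(/[ \t]+$/, ""); d = $0 }
         END { print (d == "" ? 0 : d) }' "$1"
}

# Print the index of the first entry whose kernel line contains VERSION ($2).
# Substring match: a version that is a prefix of another matches both.
grub_entry_index() {
    awk -v want="$2" '
        /^[ \t]*title[ \t]/ { n++ }
        /^[ \t]*kernel[ \t]/ && index($0, want) { print n - 1; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# Return 0 if the default entry boots VERSION, 1 on mismatch, 2 if not listed.
check_default_kernel() {
    def=$(grub_default_index "$1")
    idx=$(grub_entry_index "$1" "$2") || { echo "no entry for $2 in $1" >&2; return 2; }
    if [ "$def" = "$idx" ]; then
        echo "OK: default=$def boots $2"
    else
        echo "MISMATCH: default=$def but $2 is entry $idx" >&2
        return 1
    fi
}

# Constructed sample: the patched kernel is entry 0, but default still says 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=1
timeout=10
title Red Hat Linux (2.4.20-13.9)
        root (hd0,0)
        kernel /vmlinuz-2.4.20-13.9 ro root=LABEL=/
title Red Hat Linux (old kernel, constructed)
        root (hd0,0)
        kernel /vmlinuz-OLD ro root=LABEL=/
EOF
# On a real system, pass /etc/grub.conf instead of the sample file.
check_default_kernel "$sample" 2.4.20-13.9 || echo "fix the default line before rebooting"
```
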

RedHat 7.x
----------
rpm -Fvh kernel-source-2.4.20-13.7.i386.rpm \
         kernel-doc-2.4.20-13.7.i386.rpm

rpm -ivh kernel<type>-2.4.20-13.7.<arch>.rpm

where <type> is either empty or "-smp" or "-bigmem" and <arch> is either
i386, i586, i686, or athlon. "check-rpms" will show the correct <type>
and <arch> (but will not install a kernel).

RedHat 8.0
----------
rpm -Fvh kernel-source-2.4.20-13.8.i386.rpm \
         kernel-doc-2.4.20-13.8.i386.rpm \
         oprofile-0.4-44.8.1.i386.rpm

rpm -ivh kernel<type>-2.4.20-13.8.<arch>.rpm

where <type> is either empty or "-smp" or "-bigmem" and <arch> is either
i386, i586, i686, or athlon. "check-rpms" will show the correct <type>
and <arch> (but will not install a kernel).

RedHat 9
--------
rpm -Fvh kernel-source-2.4.20-13.9.i386.rpm \
         kernel-doc-2.4.20-13.9.i386.rpm

rpm -ivh kernel<type>-2.4.20-13.9.<arch>.rpm

where <type> is either empty or "-smp" or "-bigmem" and <arch> is either
i386, i586, i686, or athlon. "check-rpms" will show the correct <type>
and <arch> (but will not install a kernel).