Re: [linux-security] another local root exploit in the Linux kernel (RedHat)



On Mon, Oct 22, 2001 at 05:46:29PM -0700, Martin Siegert wrote:
> Topic
> =====
> Local root exploit in Linux kernel.
> 
> Problem Description
> ===================
> There are two bugs in Linux kernels 2.2.x, x <= 19 and 2.4.y, y <= 10.
> The first vulnerability results in a local denial-of-service (DoS) attack
> by forcing the kernel to spend an almost arbitrary amount of time
> on dereferencing a single symlink.
> The second one, involving ptrace once again, can be used to gain root
> privileges locally.
> 
> Affected Systems
> ================
> Linux Systems with kernels 2.2.x, x <= 19 and 2.4.y, y <= 10.
> 
> Solution
> ========
> Upgrade to kernel 2.4.12 or a patched kernel for your distribution
> or use appended patches to patch kernel source and recompile kernel.
> 
> At this point in time only RedHat has released new kernels, but also
> only for RH 7.1. It is unclear whether RedHat kernels 2.2.19
> that are used, e.g., with RH 6.2 are not affected by these bugs.
> 
> I will send additional notes to this list about these issues as soon
> as I know more.

RedHat 7.2
----------
rpm -Fvh kernel-source-2.4.9-7.i386.rpm \
         kernel-headers-2.4.9-7.i386.rpm \
         kernel-doc-2.4.9-7.i386.rpm

rpm -ivh kernel<ext>-2.4.9-7.<arch>.rpm

with <ext> being either empty or -smp or -enterprise and <arch> being either
i386, i586, i686 or athlon.

RedHat 6.2
----------
Since RedHat did not release any new kernels for 6.2 and it is unclear
whether the RH 2.2.19 kernel is vulnerable or not I recompiled the
2.2.19 kernel using RedHat's spec file from the source rpm, but modified
it to include the two patches. I made those patched rpms available in
sphinx.sfu.ca:/vol/vol1/distrib/redhat/6.2/contrib. Use is at your own
risk (compiling RedHat kernels from spec files is tricky and I do not
guarantee that I did not make a mistake)! The upgrade procedure is similar
to the one described in previous advisories. In particular:

rpm -ivh kernel<ext>-2.2.19-6.2.2.<arch>.rpm

with <arch> being either i386 or i686.