[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [linux-security] local root exploit in Linux kernel (Caldera)
Topic
=====
Caldera releases new kernel versions.
Remarks
=======
It seems that Caldera has the fastest response to this problem.
I append their advisory below that contains all of the upgrade information.
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: several security problems in linux kernel
Advisory number: CSSA-2001-012.0
Issue date: 2001 April, 3
Cross reference:
______________________________________________________________________________
1. Problem Description
During code audits of the Linux Kernel several security problems
have been found. Some of them allow a local attacker to gain
root privileges through race conditions, others allow reading
and possibly writing of random kernel memory.
With these patches now being available in the 2.2.19 kernel, this
update backports them to the kernels used in our products.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
linux-2.2.10-12
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder linux-2.2.14-11S
OpenLinux eDesktop 2.4 All packages previous to
linux-2.2.14-7
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
c0abd6e725f9791545738d74e7a338f0 RPMS/linux-kernel-binary-2.2.10-12.i386.rpm
43907dfa0696a0d0e23b3d74ac98d6a0 RPMS/linux-kernel-doc-2.2.10-12.i386.rpm
ff332be214d5796097ee81bb436aa8aa RPMS/linux-kernel-include-2.2.10-12.i386.rpm
bb28b2c5f99f601014e8c5f0f41b8e38 RPMS/linux-source-alpha-2.2.10-12.i386.rpm
4544ba8d0bd42d7cacb7624ac55cb97e RPMS/linux-source-arm-2.2.10-12.i386.rpm
f6f6249203c1c01d7ce1343e2526a7c8 RPMS/linux-source-common-2.2.10-12.i386.rpm
7a6089c9c84b7ffece6429c0cc4061d5 RPMS/linux-source-i386-2.2.10-12.i386.rpm
d882ef84c328a93f7fe5ef4be618053e RPMS/linux-source-m68k-2.2.10-12.i386.rpm
d65460cb00441d97ea84ccc4beebd8d9 RPMS/linux-source-mips-2.2.10-12.i386.rpm
6c8f1575dd55c3421081a1d225c808b8 RPMS/linux-source-ppc-2.2.10-12.i386.rpm
4b2ede9a55b08f7cfece30c60c82b25c RPMS/linux-source-sparc-2.2.10-12.i386.rpm
2556435b553f1ad13974d6c5997639fe RPMS/linux-source-sparc64-2.2.10-12.i386.rpm
21e54c126869848f2a87e13be8c8cf3e RPMS/pcmcia-cs-3.0.14-3.i386.rpm
eb1bd121022e40501edb26104142dfdb SRPMS/linux-2.2.10-12.src.rpm
45a67c026f4ec2f215431a77e593d318 SRPMS/pcmcia-cs-3.0.14-3.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
modprobe loop
rpm -Fhv *.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
4d81026c3b760cd3dfe6b18d6acbe123 RPMS/iBCS-2.1-6.i386.rpm
724c1ac2254480bbc0c694281d32e3b7 RPMS/iBCS-extras-2.1-6.i386.rpm
fa0b96983659f4394960420cc5840e06 RPMS/linux-kernel-binary-2.2.14-11S.i386.rpm
caa634390f73722de809082cb357f701 RPMS/linux-kernel-doc-2.2.14-11S.i386.rpm
5c4f321a82fdbe517a504124a6b52b99 RPMS/linux-kernel-include-2.2.14-11S.i386.rpm
db9dde4d02b3e7f8c49ed2e003ac2bec RPMS/linux-source-alpha-2.2.14-11S.i386.rpm
0e25fda46af2085881085fdba0664061 RPMS/linux-source-arm-2.2.14-11S.i386.rpm
5c3c76c792108e2a50a7a13a9f450494 RPMS/linux-source-common-2.2.14-11S.i386.rpm
6a42f80110b86b34a74bf84b08b69d44 RPMS/linux-source-i386-2.2.14-11S.i386.rpm
abcfb03c424cbbb4584741659753f8dc RPMS/linux-source-m68k-2.2.14-11S.i386.rpm
0cf7968c5c3e518cc44caf1931c406ec RPMS/linux-source-mips-2.2.14-11S.i386.rpm
bc580c613872ce59319583f793fddb9f RPMS/linux-source-ppc-2.2.14-11S.i386.rpm
040f856963f39940b93eb15203281337 RPMS/linux-source-sparc-2.2.14-11S.i386.rpm
ac0c3167d324a920f2fb96c63b80a38c RPMS/linux-source-sparc64-2.2.14-11S.i386.rpm
3847dc7f2f8c0e38f8becedb5c252bf4 RPMS/pcmcia-cs-3.1.4-3.i386.rpm
5945740159408f1776dcb6aa2fb49b03 SRPMS/iBCS-2.1-6.src.rpm
563cf982dba25b5952040bcd47ea581b SRPMS/linux-2.2.14-11S.src.rpm
d15ab81be9d67ffec3242b4ec48e8eb9 SRPMS/pcmcia-cs-3.1.4-3.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
modprobe loop
rpm -Fvh *.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
831b263708b378875b5e70c30b2d1a81 RPMS/hwprobe-20000214-4.i386.rpm
25af31770447ac4fd18b050a0c0c3b9e RPMS/iBCS-2.1-10.i386.rpm
01a135805e279368bd829daef4a6af78 RPMS/iBCS-extras-2.1-10.i386.rpm
d4370bf7f3a68df55ff0001aea1d1f32 RPMS/iBCS-module-2.1_2.2.14-10.i386.rpm
d5fa42ab1c129f89f6aac8ab594bf7e6 RPMS/linux-kernel-binary-2.2.14-7.i386.rpm
b39cf54a0ff4a3f0de6edc02f6f15804 RPMS/linux-kernel-doc-2.2.14-7.i386.rpm
d5e005ab9e3d568d82aa002c14336fb0 RPMS/linux-kernel-include-2.2.14-7.i386.rpm
69d1f35ff0afe3e3f3ac33c22c6c08a9 RPMS/linux-source-alpha-2.2.14-7.i386.rpm
619af8b2535238d5b0fc01ccc1aa4b15 RPMS/linux-source-arm-2.2.14-7.i386.rpm
563a2448d1eb3a66ed744e705aede3d3 RPMS/linux-source-common-2.2.14-7.i386.rpm
065ac34ecc23b322e3481752ddeb1a29 RPMS/linux-source-i386-2.2.14-7.i386.rpm
760c2a64d58f3f44ee113ccbf7490777 RPMS/linux-source-m68k-2.2.14-7.i386.rpm
460047a1cc64a92bfafc953790388b3d RPMS/linux-source-mips-2.2.14-7.i386.rpm
596aadafa3a68461ec9957810d20629e RPMS/linux-source-ppc-2.2.14-7.i386.rpm
a5070e30981d650498ac3c5dd67b361c RPMS/linux-source-sparc-2.2.14-7.i386.rpm
2db448f5eb2e7aac48f0a9c7f07d71c6 RPMS/linux-source-sparc64-2.2.14-7.i386.rpm
fed0d802f6a9d8b19eeb39f13e3d9b17 RPMS/pcmcia-cs-3.1.8-3.i386.rpm
7d585fa7cc3201aa554bfba0bc923f9d SRPMS/hwprobe-20000214-4.src.rpm
7042ea57831b9e4c5649a8cd668a8624 SRPMS/iBCS-2.1-10.src.rpm
9a055948c09c36ed379de72525bf2896 SRPMS/linux-2.2.14-7.src.rpm
db43acbef146ae3be972f1515d030c82 SRPMS/pcmcia-cs-3.1.8-3.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh *.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 9633.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Chris Evans, Solar Designer, Alan
Cox and David Miller for spotting and fixing these problems.