From supinfo@caldera.com Fri Oct 19 07:43:16 2001 From: Support Info To: announce@lists.caldera.com, bugtraq@securityfocus.com, linux-security@redhat.com, linuxlist@securityportal.com Date: Thu, 18 Oct 2001 17:11:27 -0600 Subject: Security Update: [CSSA-2001-036.0] Linux - Several Linux Kernel Security Problems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - several linux kernel security problems Advisory number: CSSA-2001-036.0 Issue date: 2001, October 18 Cross reference: ______________________________________________________________________________ 1. Problem Description Yet another ptrace race condition has been found which allows local attackers to get access to the root account. Also, a local attacker can use a recursive symlink structure setup to effectively cause all filesystem actions to hang for an infinite amount of time. The IPTABLES implementation in the 2.4 kernel also had a problem in the RELATED connection handling of the ip_conntrack_module which is fixed by the supplied packages. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to linux-2.2.10-13 OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder linux-2.2.14-12S OpenLinux eDesktop 2.4 All packages previous to linux-2.2.14-8 OpenLinux Server 3.1 All packages previous to linux-2.4.2-13S OpenLinux Workstation 3.1 All packages previous to linux-2.4.2-13D 3. Solution Workaround none The proper solution is to upgrade to the latest packages. 4. OpenLinux 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification 32c753ec6dadc0f17aa1f8816c639258 linux-kernel-binary-2.2.10-13.i386.rpm 658484d165b5aa98abe0a8ccc3b413b9 linux-kernel-doc-2.2.10-13.i386.rpm be8f85ee1d99495302b9b80db3a906f7 linux-kernel-include-2.2.10-13.i386.rpm ca9cc1518d899208659fae690c4ef79a linux-source-alpha-2.2.10-13.i386.rpm 41bb1351cd4db90a1958852637ffd764 linux-source-arm-2.2.10-13.i386.rpm e85e1efc352d6fd2475e0b5ca466fe2f linux-source-common-2.2.10-13.i386.rpm 717b44fa64a521312d6dbc961a72541e linux-source-i386-2.2.10-13.i386.rpm 1fef2cc0899f4bfebc47b88524284496 linux-source-m68k-2.2.10-13.i386.rpm 84833d03056c2c680a24913f5e3797f7 linux-source-mips-2.2.10-13.i386.rpm 2475e6c69ecd2e2917b50b951b9eca6b linux-source-ppc-2.2.10-13.i386.rpm 2b5714eb6ff0397e5fba9f23e2bb1ef7 linux-source-sparc-2.2.10-13.i386.rpm 5cd6a57d8ede20fda0fb88834c7360b4 linux-source-sparc64-2.2.10-13.i386.rpm cbde8a50017727fff85603aae5c53db7 pcmcia-cs-3.0.14-4.i386.rpm c97ea2d01d25eaa772e4097967bc6b7f linux-2.2.10-13.src.rpm ccc40c5a90dae7ac0608fa4587aaf074 pcmcia-cs-3.0.14-4.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh --force linux-kernel-binary-2.2.10-13.i386.rpm \ linux-kernel-doc-2.2.10-13.i386.rpm \ linux-kernel-include-2.2.10-13.i386.rpm \ linux-source-alpha-2.2.10-13.i386.rpm \ linux-source-arm-2.2.10-13.i386.rpm \ linux-source-common-2.2.10-13.i386.rpm \ linux-source-i386-2.2.10-13.i386.rpm \ linux-source-m68k-2.2.10-13.i386.rpm \ linux-source-mips-2.2.10-13.i386.rpm \ linux-source-ppc-2.2.10-13.i386.rpm \ linux-source-sparc-2.2.10-13.i386.rpm \ linux-source-sparc64-2.2.10-13.i386.rpm \ pcmcia-cs-3.0.14-4.i386.rpm Please reboot to activate fixes. 5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification b8a6089505a26cde57351690d7c6fe16 linux-kernel-binary-2.2.14-12S.i386.rpm 3b6226cc2be698ff5399962b53c65f19 linux-kernel-doc-2.2.14-12S.i386.rpm 63ce75c07a9cad64cb27660885c12747 linux-kernel-include-2.2.14-12S.i386.rpm 9ad03cc52cc534f200b6148bfabe2caf linux-source-alpha-2.2.14-12S.i386.rpm ecdb11e2b8dd146dd67a08a27674a1d4 linux-source-arm-2.2.14-12S.i386.rpm b1be6a17c6c2a455b550cf70ac1a52b3 linux-source-common-2.2.14-12S.i386.rpm bf281540084025a7d845483536454670 linux-source-i386-2.2.14-12S.i386.rpm cfab27a2ef42dc18bbb45e5f46dc78de linux-source-m68k-2.2.14-12S.i386.rpm 63e723100db1117a9c3ed6539c388bcf linux-source-mips-2.2.14-12S.i386.rpm 395d7553fbb15c6024a73d211e2592f7 linux-source-ppc-2.2.14-12S.i386.rpm 4f47a4677747e6b4220bed3b5275c882 linux-source-sparc-2.2.14-12S.i386.rpm 48224275244e8ede28a26b31a854660f linux-source-sparc64-2.2.14-12S.i386.rpm 225740b2d7268d79efc9ccaefe6a3b5c pcmcia-cs-3.1.4-4.i386.rpm b7a5b6395147fe913557df93e7c7af68 linux-2.2.14-12S.src.rpm e8118ebaf2a937053d02bd1948fe5461 pcmcia-cs-3.1.4-4.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh linux-kernel-binary-2.2.14-12S.i386.rpm \ linux-kernel-doc-2.2.14-12S.i386.rpm \ linux-kernel-include-2.2.14-12S.i386.rpm \ linux-source-alpha-2.2.14-12S.i386.rpm \ linux-source-arm-2.2.14-12S.i386.rpm \ linux-source-common-2.2.14-12S.i386.rpm \ linux-source-i386-2.2.14-12S.i386.rpm \ linux-source-m68k-2.2.14-12S.i386.rpm \ linux-source-mips-2.2.14-12S.i386.rpm \ linux-source-ppc-2.2.14-12S.i386.rpm \ linux-source-sparc-2.2.14-12S.i386.rpm \ linux-source-sparc64-2.2.14-12S.i386.rpm \ pcmcia-cs-3.1.4-4.i386.rpm Please reboot to activate fixes. 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 1a36056ca0abe8942fa78b5358e7a613 hwprobe-20000214-5.i386.rpm a7e75d7133ee094e1c30695b58382414 iBCS-2.1-11.i386.rpm fd002d7ec09fc9acea25db34d4f440aa linux-kernel-binary-2.2.14-8.i386.rpm 6a8e1752508e78e75d5ba0cc885aeeb5 linux-kernel-doc-2.2.14-8.i386.rpm a59bbd344ce23efbca734f66b98dba9c linux-kernel-include-2.2.14-8.i386.rpm 897a5b1626477aa870a4ccdff523e0d6 linux-source-alpha-2.2.14-8.i386.rpm ec76c541c835a14dd0d64d8b61d8161d linux-source-arm-2.2.14-8.i386.rpm 0863df1fef0ccca6e1d4453885efcd53 linux-source-common-2.2.14-8.i386.rpm 1848e2d677d8f0a33bbce5bf0aba7632 linux-source-i386-2.2.14-8.i386.rpm 63b420df19c35e9259d6b750fd115dee linux-source-m68k-2.2.14-8.i386.rpm 019acea7a54afece45107d0b1e8e251c linux-source-mips-2.2.14-8.i386.rpm 65596e7ae3fbf7ed5e359e82ca5afabf linux-source-ppc-2.2.14-8.i386.rpm ae2456ef0760bb141a94d176bea8e0e1 linux-source-sparc-2.2.14-8.i386.rpm 98d6a63ce8724870d1c523fbdf564770 linux-source-sparc64-2.2.14-8.i386.rpm 7f902cf665550ced197f33d514fdf017 pcmcia-cs-3.1.8-4.i386.rpm d5ce976ed4ecbe6e0e79b3e5fad10b2b hwprobe-20000214-5.src.rpm 2edc7bd10bb616bd3491dcda25419e72 iBCS-2.1-11.src.rpm b0176aae4c7f634fe848eba57a18631f linux-2.2.14-8.src.rpm 0c35d5fd0362c31b907f1d609f0426c7 pcmcia-cs-3.1.8-4.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh hwprobe-20000214-5.i386.rpm iBCS-2.1-11.i386.rpm \ linux-kernel-binary-2.2.14-8.i386.rpm \ linux-kernel-doc-2.2.14-8.i386.rpm \ linux-kernel-include-2.2.14-8.i386.rpm \ linux-source-alpha-2.2.14-8.i386.rpm \ linux-source-arm-2.2.14-8.i386.rpm \ linux-source-common-2.2.14-8.i386.rpm \ linux-source-i386-2.2.14-8.i386.rpm \ linux-source-m68k-2.2.14-8.i386.rpm \ linux-source-mips-2.2.14-8.i386.rpm \ linux-source-ppc-2.2.14-8.i386.rpm \ linux-source-sparc-2.2.14-8.i386.rpm \ linux-source-sparc64-2.2.14-8.i386.rpm \ pcmcia-cs-3.1.8-4.i386.rpm Please reboot to activate fixes. 7. OpenLinux 3.1 Server 7.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS 7.2 Verification 5161253d46349fff42067e5702a34dad linux-kernel-binary-2.4.2-13S.i386.rpm ec254ad980b0505afc084ba6df09c092 linux-kernel-include-2.4.2-13S.i386.rpm 63d9fb7e589def7b9532ab21b82622b3 linux-source-alpha-2.4.2-13S.i386.rpm 609904b41f2bb4292c82460bf5eec0e9 linux-source-arm-2.4.2-13S.i386.rpm 7ea16f6aaa07ec0521cd391e0dc5d514 linux-source-common-2.4.2-13S.i386.rpm f63f020fd7a7f553c5d0c568ce2af5c2 linux-source-i386-2.4.2-13S.i386.rpm a65443cf11bea4bb5b96e3bdf58fe1b8 linux-source-ia64-2.4.2-13S.i386.rpm d2fc13e507eb0ea3e3efbeb7f997de36 linux-source-m68k-2.4.2-13S.i386.rpm afda830d9544aacc7a2fd21b0e2a6c21 linux-source-mips-2.4.2-13S.i386.rpm 6fb7efb46e508eeb0026329c5b5ff3f4 linux-source-ppc-2.4.2-13S.i386.rpm 2c2be2906e6975ec275e358d7965c08b linux-source-s390-2.4.2-13S.i386.rpm 270dec86a98cfb100d5f7d03041952c7 linux-source-sparc-2.4.2-13S.i386.rpm 7c649a68cb47f833c49ca8575a53c5b8 linux-source-superH-2.4.2-13S.i386.rpm d78d52a8b036c023c5182a26d50a15aa linux-2.4.2-13S.src.rpm 7.3 Installing Fixed Packages Upgrade the affected packages with the following commands: /sbin/modprobe loop rpm -Fvh linux-kernel-binary-2.4.2-13S.i386.rpm \ linux-kernel-include-2.4.2-13S.i386.rpm \ linux-source-alpha-2.4.2-13S.i386.rpm \ linux-source-arm-2.4.2-13S.i386.rpm \ linux-source-common-2.4.2-13S.i386.rpm \ linux-source-i386-2.4.2-13S.i386.rpm \ linux-source-ia64-2.4.2-13S.i386.rpm \ linux-source-m68k-2.4.2-13S.i386.rpm \ linux-source-mips-2.4.2-13S.i386.rpm \ linux-source-ppc-2.4.2-13S.i386.rpm \ linux-source-s390-2.4.2-13S.i386.rpm \ linux-source-sparc-2.4.2-13S.i386.rpm \ linux-source-superH-2.4.2-13S.i386.rpm /sbin/depmod -a Please reboot to activate fixes. 8. OpenLinux 3.1 Workstation 8.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS 8.2 Verification 44a4d5cf6ba18e3476f9d8c49f9b6a04 linux-kernel-binary-2.4.2-13D.i386.rpm 41f5b6310a6698ef04cb4991e5d7daf4 linux-kernel-include-2.4.2-13D.i386.rpm e0452c8f2e6eaf32df13597c5099437a linux-source-alpha-2.4.2-13D.i386.rpm b699082a6a539b677cabe7bb5000afe7 linux-source-arm-2.4.2-13D.i386.rpm 66927eef4dd9866d2ed500e61f552443 linux-source-common-2.4.2-13D.i386.rpm ca948ee3d575a3ad188c31d9bbfca52f linux-source-i386-2.4.2-13D.i386.rpm 43ce53295736902f1083fb54a55c38b1 linux-source-ia64-2.4.2-13D.i386.rpm 23bf17a23328ed04f2344de1aeb31321 linux-source-m68k-2.4.2-13D.i386.rpm 645f2554c0d10c342d476b88f64b793c linux-source-mips-2.4.2-13D.i386.rpm eebe1818d5d1aeeeb627f4187dd46852 linux-source-ppc-2.4.2-13D.i386.rpm c78a13304eeedade4dfad8373da9f52e linux-source-s390-2.4.2-13D.i386.rpm 33c67ff27fd860124956be11cd9f0c57 linux-source-sparc-2.4.2-13D.i386.rpm c26bbc1c02b5746acab717e21075f378 linux-source-superH-2.4.2-13D.i386.rpm 062586fa561848495954969fd3f8bf73 linux-2.4.2-13D.src.rpm 8.3 Installing Fixed Packages Upgrade the affected packages with the following commands: /sbin/modprobe loop rpm -Fvh linux-kernel-binary-2.4.2-13D.i386.rpm \ linux-kernel-include-2.4.2-13D.i386.rpm \ linux-source-alpha-2.4.2-13D.i386.rpm \ linux-source-arm-2.4.2-13D.i386.rpm \ linux-source-common-2.4.2-13D.i386.rpm \ linux-source-i386-2.4.2-13D.i386.rpm \ linux-source-ia64-2.4.2-13D.i386.rpm \ linux-source-m68k-2.4.2-13D.i386.rpm \ linux-source-mips-2.4.2-13D.i386.rpm \ linux-source-ppc-2.4.2-13D.i386.rpm \ linux-source-s390-2.4.2-13D.i386.rpm \ linux-source-sparc-2.4.2-13D.i386.rpm \ linux-source-superH-2.4.2-13D.i386.rpm /sbin/depmod -a Please reboot to activate fixes. 9. References This and other Caldera security resources are located at: http://www.caldera.com/support/security/index.html This security fix closes Caldera's internal Problem Report 10659, 10660, 9821. 10. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 11. Acknowledgements Caldera International wishes to thank Rafal Wojtczuk for spotting and reporting these problems, and Solar Designer and Linus Torvalds for providing fixes. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7zuVL18sy83A/qfwRAjsYAJ45iDBCp7sAez5+OnYDj2vtbtg0/QCcC9/f svO+WZ6We1enZrDIZPMpC+w= =/J4T -----END PGP SIGNATURE-----