From: Support Info <supinfo@caldera.com>
To: announce@lists.caldera.com, bugtraq@securityfocus.com,
linux-security@redhat.com, linuxlist@securityportal.com
Subject: Security Update: [CSSA-2001-036.0] Linux - Several Linux Kernel Security Problems
Date: Thu, 18 Oct 2001 17:11:27 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux - several linux kernel security problems
Advisory number: CSSA-2001-036.0
Issue date: 2001, October 18
Cross reference:
______________________________________________________________________________
1. Problem Description
Yet another ptrace race condition has been found which allows local
attackers to get access to the root account.
Also, a local attacker can use a recursive symlink structure setup
to effectively cause all filesystem actions to hang for an infinite
amount of time.
The IPTABLES implementation in the 2.4 kernel also had a problem in
the RELATED connection handling of the ip_conntrack_module which is
fixed by the supplied packages.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
linux-2.2.10-13
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder linux-2.2.14-12S
OpenLinux eDesktop 2.4 All packages previous to
linux-2.2.14-8
OpenLinux Server 3.1 All packages previous to
linux-2.4.2-13S
OpenLinux Workstation 3.1 All packages previous to
linux-2.4.2-13D
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
32c753ec6dadc0f17aa1f8816c639258 linux-kernel-binary-2.2.10-13.i386.rpm
658484d165b5aa98abe0a8ccc3b413b9 linux-kernel-doc-2.2.10-13.i386.rpm
be8f85ee1d99495302b9b80db3a906f7 linux-kernel-include-2.2.10-13.i386.rpm
ca9cc1518d899208659fae690c4ef79a linux-source-alpha-2.2.10-13.i386.rpm
41bb1351cd4db90a1958852637ffd764 linux-source-arm-2.2.10-13.i386.rpm
e85e1efc352d6fd2475e0b5ca466fe2f linux-source-common-2.2.10-13.i386.rpm
717b44fa64a521312d6dbc961a72541e linux-source-i386-2.2.10-13.i386.rpm
1fef2cc0899f4bfebc47b88524284496 linux-source-m68k-2.2.10-13.i386.rpm
84833d03056c2c680a24913f5e3797f7 linux-source-mips-2.2.10-13.i386.rpm
2475e6c69ecd2e2917b50b951b9eca6b linux-source-ppc-2.2.10-13.i386.rpm
2b5714eb6ff0397e5fba9f23e2bb1ef7 linux-source-sparc-2.2.10-13.i386.rpm
5cd6a57d8ede20fda0fb88834c7360b4 linux-source-sparc64-2.2.10-13.i386.rpm
cbde8a50017727fff85603aae5c53db7 pcmcia-cs-3.0.14-4.i386.rpm
c97ea2d01d25eaa772e4097967bc6b7f linux-2.2.10-13.src.rpm
ccc40c5a90dae7ac0608fa4587aaf074 pcmcia-cs-3.0.14-4.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh --force linux-kernel-binary-2.2.10-13.i386.rpm \
linux-kernel-doc-2.2.10-13.i386.rpm \
linux-kernel-include-2.2.10-13.i386.rpm \
linux-source-alpha-2.2.10-13.i386.rpm \
linux-source-arm-2.2.10-13.i386.rpm \
linux-source-common-2.2.10-13.i386.rpm \
linux-source-i386-2.2.10-13.i386.rpm \
linux-source-m68k-2.2.10-13.i386.rpm \
linux-source-mips-2.2.10-13.i386.rpm \
linux-source-ppc-2.2.10-13.i386.rpm \
linux-source-sparc-2.2.10-13.i386.rpm \
linux-source-sparc64-2.2.10-13.i386.rpm \
pcmcia-cs-3.0.14-4.i386.rpm
Please reboot to activate fixes.
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
b8a6089505a26cde57351690d7c6fe16 linux-kernel-binary-2.2.14-12S.i386.rpm
3b6226cc2be698ff5399962b53c65f19 linux-kernel-doc-2.2.14-12S.i386.rpm
63ce75c07a9cad64cb27660885c12747 linux-kernel-include-2.2.14-12S.i386.rpm
9ad03cc52cc534f200b6148bfabe2caf linux-source-alpha-2.2.14-12S.i386.rpm
ecdb11e2b8dd146dd67a08a27674a1d4 linux-source-arm-2.2.14-12S.i386.rpm
b1be6a17c6c2a455b550cf70ac1a52b3 linux-source-common-2.2.14-12S.i386.rpm
bf281540084025a7d845483536454670 linux-source-i386-2.2.14-12S.i386.rpm
cfab27a2ef42dc18bbb45e5f46dc78de linux-source-m68k-2.2.14-12S.i386.rpm
63e723100db1117a9c3ed6539c388bcf linux-source-mips-2.2.14-12S.i386.rpm
395d7553fbb15c6024a73d211e2592f7 linux-source-ppc-2.2.14-12S.i386.rpm
4f47a4677747e6b4220bed3b5275c882 linux-source-sparc-2.2.14-12S.i386.rpm
48224275244e8ede28a26b31a854660f linux-source-sparc64-2.2.14-12S.i386.rpm
225740b2d7268d79efc9ccaefe6a3b5c pcmcia-cs-3.1.4-4.i386.rpm
b7a5b6395147fe913557df93e7c7af68 linux-2.2.14-12S.src.rpm
e8118ebaf2a937053d02bd1948fe5461 pcmcia-cs-3.1.4-4.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh linux-kernel-binary-2.2.14-12S.i386.rpm \
linux-kernel-doc-2.2.14-12S.i386.rpm \
linux-kernel-include-2.2.14-12S.i386.rpm \
linux-source-alpha-2.2.14-12S.i386.rpm \
linux-source-arm-2.2.14-12S.i386.rpm \
linux-source-common-2.2.14-12S.i386.rpm \
linux-source-i386-2.2.14-12S.i386.rpm \
linux-source-m68k-2.2.14-12S.i386.rpm \
linux-source-mips-2.2.14-12S.i386.rpm \
linux-source-ppc-2.2.14-12S.i386.rpm \
linux-source-sparc-2.2.14-12S.i386.rpm \
linux-source-sparc64-2.2.14-12S.i386.rpm \
pcmcia-cs-3.1.4-4.i386.rpm
Please reboot to activate fixes.
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
1a36056ca0abe8942fa78b5358e7a613 hwprobe-20000214-5.i386.rpm
a7e75d7133ee094e1c30695b58382414 iBCS-2.1-11.i386.rpm
fd002d7ec09fc9acea25db34d4f440aa linux-kernel-binary-2.2.14-8.i386.rpm
6a8e1752508e78e75d5ba0cc885aeeb5 linux-kernel-doc-2.2.14-8.i386.rpm
a59bbd344ce23efbca734f66b98dba9c linux-kernel-include-2.2.14-8.i386.rpm
897a5b1626477aa870a4ccdff523e0d6 linux-source-alpha-2.2.14-8.i386.rpm
ec76c541c835a14dd0d64d8b61d8161d linux-source-arm-2.2.14-8.i386.rpm
0863df1fef0ccca6e1d4453885efcd53 linux-source-common-2.2.14-8.i386.rpm
1848e2d677d8f0a33bbce5bf0aba7632 linux-source-i386-2.2.14-8.i386.rpm
63b420df19c35e9259d6b750fd115dee linux-source-m68k-2.2.14-8.i386.rpm
019acea7a54afece45107d0b1e8e251c linux-source-mips-2.2.14-8.i386.rpm
65596e7ae3fbf7ed5e359e82ca5afabf linux-source-ppc-2.2.14-8.i386.rpm
ae2456ef0760bb141a94d176bea8e0e1 linux-source-sparc-2.2.14-8.i386.rpm
98d6a63ce8724870d1c523fbdf564770 linux-source-sparc64-2.2.14-8.i386.rpm
7f902cf665550ced197f33d514fdf017 pcmcia-cs-3.1.8-4.i386.rpm
d5ce976ed4ecbe6e0e79b3e5fad10b2b hwprobe-20000214-5.src.rpm
2edc7bd10bb616bd3491dcda25419e72 iBCS-2.1-11.src.rpm
b0176aae4c7f634fe848eba57a18631f linux-2.2.14-8.src.rpm
0c35d5fd0362c31b907f1d609f0426c7 pcmcia-cs-3.1.8-4.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh hwprobe-20000214-5.i386.rpm iBCS-2.1-11.i386.rpm \
linux-kernel-binary-2.2.14-8.i386.rpm \
linux-kernel-doc-2.2.14-8.i386.rpm \
linux-kernel-include-2.2.14-8.i386.rpm \
linux-source-alpha-2.2.14-8.i386.rpm \
linux-source-arm-2.2.14-8.i386.rpm \
linux-source-common-2.2.14-8.i386.rpm \
linux-source-i386-2.2.14-8.i386.rpm \
linux-source-m68k-2.2.14-8.i386.rpm \
linux-source-mips-2.2.14-8.i386.rpm \
linux-source-ppc-2.2.14-8.i386.rpm \
linux-source-sparc-2.2.14-8.i386.rpm \
linux-source-sparc64-2.2.14-8.i386.rpm \
pcmcia-cs-3.1.8-4.i386.rpm
Please reboot to activate fixes.
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
7.2 Verification
5161253d46349fff42067e5702a34dad linux-kernel-binary-2.4.2-13S.i386.rpm
ec254ad980b0505afc084ba6df09c092 linux-kernel-include-2.4.2-13S.i386.rpm
63d9fb7e589def7b9532ab21b82622b3 linux-source-alpha-2.4.2-13S.i386.rpm
609904b41f2bb4292c82460bf5eec0e9 linux-source-arm-2.4.2-13S.i386.rpm
7ea16f6aaa07ec0521cd391e0dc5d514 linux-source-common-2.4.2-13S.i386.rpm
f63f020fd7a7f553c5d0c568ce2af5c2 linux-source-i386-2.4.2-13S.i386.rpm
a65443cf11bea4bb5b96e3bdf58fe1b8 linux-source-ia64-2.4.2-13S.i386.rpm
d2fc13e507eb0ea3e3efbeb7f997de36 linux-source-m68k-2.4.2-13S.i386.rpm
afda830d9544aacc7a2fd21b0e2a6c21 linux-source-mips-2.4.2-13S.i386.rpm
6fb7efb46e508eeb0026329c5b5ff3f4 linux-source-ppc-2.4.2-13S.i386.rpm
2c2be2906e6975ec275e358d7965c08b linux-source-s390-2.4.2-13S.i386.rpm
270dec86a98cfb100d5f7d03041952c7 linux-source-sparc-2.4.2-13S.i386.rpm
7c649a68cb47f833c49ca8575a53c5b8 linux-source-superH-2.4.2-13S.i386.rpm
d78d52a8b036c023c5182a26d50a15aa linux-2.4.2-13S.src.rpm
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13S.i386.rpm \
linux-kernel-include-2.4.2-13S.i386.rpm \
linux-source-alpha-2.4.2-13S.i386.rpm \
linux-source-arm-2.4.2-13S.i386.rpm \
linux-source-common-2.4.2-13S.i386.rpm \
linux-source-i386-2.4.2-13S.i386.rpm \
linux-source-ia64-2.4.2-13S.i386.rpm \
linux-source-m68k-2.4.2-13S.i386.rpm \
linux-source-mips-2.4.2-13S.i386.rpm \
linux-source-ppc-2.4.2-13S.i386.rpm \
linux-source-s390-2.4.2-13S.i386.rpm \
linux-source-sparc-2.4.2-13S.i386.rpm \
linux-source-superH-2.4.2-13S.i386.rpm
/sbin/depmod -a
Please reboot to activate fixes.
8. OpenLinux 3.1 Workstation
8.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
8.2 Verification
44a4d5cf6ba18e3476f9d8c49f9b6a04 linux-kernel-binary-2.4.2-13D.i386.rpm
41f5b6310a6698ef04cb4991e5d7daf4 linux-kernel-include-2.4.2-13D.i386.rpm
e0452c8f2e6eaf32df13597c5099437a linux-source-alpha-2.4.2-13D.i386.rpm
b699082a6a539b677cabe7bb5000afe7 linux-source-arm-2.4.2-13D.i386.rpm
66927eef4dd9866d2ed500e61f552443 linux-source-common-2.4.2-13D.i386.rpm
ca948ee3d575a3ad188c31d9bbfca52f linux-source-i386-2.4.2-13D.i386.rpm
43ce53295736902f1083fb54a55c38b1 linux-source-ia64-2.4.2-13D.i386.rpm
23bf17a23328ed04f2344de1aeb31321 linux-source-m68k-2.4.2-13D.i386.rpm
645f2554c0d10c342d476b88f64b793c linux-source-mips-2.4.2-13D.i386.rpm
eebe1818d5d1aeeeb627f4187dd46852 linux-source-ppc-2.4.2-13D.i386.rpm
c78a13304eeedade4dfad8373da9f52e linux-source-s390-2.4.2-13D.i386.rpm
33c67ff27fd860124956be11cd9f0c57 linux-source-sparc-2.4.2-13D.i386.rpm
c26bbc1c02b5746acab717e21075f378 linux-source-superH-2.4.2-13D.i386.rpm
062586fa561848495954969fd3f8bf73 linux-2.4.2-13D.src.rpm
8.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/sbin/modprobe loop
rpm -Fvh linux-kernel-binary-2.4.2-13D.i386.rpm \
linux-kernel-include-2.4.2-13D.i386.rpm \
linux-source-alpha-2.4.2-13D.i386.rpm \
linux-source-arm-2.4.2-13D.i386.rpm \
linux-source-common-2.4.2-13D.i386.rpm \
linux-source-i386-2.4.2-13D.i386.rpm \
linux-source-ia64-2.4.2-13D.i386.rpm \
linux-source-m68k-2.4.2-13D.i386.rpm \
linux-source-mips-2.4.2-13D.i386.rpm \
linux-source-ppc-2.4.2-13D.i386.rpm \
linux-source-s390-2.4.2-13D.i386.rpm \
linux-source-sparc-2.4.2-13D.i386.rpm \
linux-source-superH-2.4.2-13D.i386.rpm
/sbin/depmod -a
Please reboot to activate fixes.
9. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10659, 10660,
9821.
10. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
11. Acknowledgements
Caldera International wishes to thank Rafal Wojtczuk for spotting and
reporting these problems, and Solar Designer and Linus Torvalds for
providing fixes.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7zuVL18sy83A/qfwRAjsYAJ45iDBCp7sAez5+OnYDj2vtbtg0/QCcC9/f
svO+WZ6We1enZrDIZPMpC+w=
=/J4T
-----END PGP SIGNATURE-----