[LWN Logo]
[Timeline]
Date: Thu, 8 Feb 2001 12:30:43 -0700
From: Caldera Support Info <sup-info@locutus4.calderasystems.com>
To: announce@lists.calderasystems.com, bugtraq@securityfocus.com,
Subject: Security Advisory: security problems in ptrace and sysctl CSSA-2001-009.0


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		security problems in ptrace and sysctl
Advisory number: 	CSSA-2001-009.0
Issue date: 		2001 February, 08
Cross reference:
______________________________________________________________________________


1. Problem Description

   There are two security problems in 2.2 and 2.4 kernels.

   By passing a negative offset to sysctl(), an attacker can read
   large parts of Linux kernel memory.

   In addition, a race condition has been discovered that allows
   an attacker to attach via ptrace to a setuid process, allowing
   him to modify the running process.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3		All packages previous to
   				linux-2.2.10-11

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder  	linux-2.2.14-10S

   OpenLinux eDesktop 2.4       All packages previous to
   				linux-2.2.14-6

3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:
        
       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

8a0ef1cedca96379e5a1d1edb9c125ad  RPMS/linux-kernel-binary-2.2.10-11.i386.rpm
f07baace0c59d53e224771ed08ebf997  RPMS/linux-kernel-doc-2.2.10-11.i386.rpm
32bcd0c87ea21059849f9a2d19f24b96  RPMS/linux-kernel-include-2.2.10-11.i386.rpm
6d8bf49f14207588b700c85534962f1d  RPMS/linux-source-alpha-2.2.10-11.i386.rpm
05e01990ade901cabc13835fbdbb408d  RPMS/linux-source-arm-2.2.10-11.i386.rpm
0fca33e2c7ba92a6d1bd07800b83a08c  RPMS/linux-source-common-2.2.10-11.i386.rpm
0d779697b36fbad15c66fa5fb050982c  RPMS/linux-source-i386-2.2.10-11.i386.rpm
548b09b70a84f25a7ce1b89e3a08dd52  RPMS/linux-source-m68k-2.2.10-11.i386.rpm
047d2b9fa3bba181a4cfa24938eb6992  RPMS/linux-source-mips-2.2.10-11.i386.rpm
f565161051887da728af6a5c9498fd72  RPMS/linux-source-ppc-2.2.10-11.i386.rpm
d054d7d142f3934dad724764c10c2366  RPMS/linux-source-sparc-2.2.10-11.i386.rpm
530cd4780c4a2985f7622a6f5d3b0e2d  RPMS/linux-source-sparc64-2.2.10-11.i386.rpm
65294d6f7aa24446d29b8ad0a3e8110e  RPMS/pcmcia-cs-3.0.14-2.i386.rpm
355b3b900f6991ae0952c820af0c47c6  SRPMS/linux-2.2.10-11.src.rpm
9cdf867c2e9ce4f30ee7c6075dfe44a3  SRPMS/pcmcia-cs-3.0.14-2.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  modprobe loop
          rpm -Fhv linux-*.i386.rpm pcmcia-*i386.rpm 

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

9f0c065aa14dea81aa3328cf5714d52b  RPMS/iBCS-2.1-5.i386.rpm
96ba2899df9086fc0f805844fedeff8d  RPMS/iBCS-extras-2.1-5.i386.rpm
e1e8480264cdbb766b0ce72fdbd48210  RPMS/linux-kernel-binary-2.2.14-10S.i386.rpm
1ee722df6359d24b7e585aacb8551fd9  RPMS/linux-kernel-doc-2.2.14-10S.i386.rpm
c9645f600529def2cdebf44f6df5570c  RPMS/linux-kernel-include-2.2.14-10S.i386.rpm
8eeed84077d1c91055f39751481ab241  RPMS/linux-source-alpha-2.2.14-10S.i386.rpm
d73db690f13f3aeb73d1c9f6d39fc041  RPMS/linux-source-arm-2.2.14-10S.i386.rpm
936b50d5e54a2bc0065d1027cdda9283  RPMS/linux-source-common-2.2.14-10S.i386.rpm
b2c92124ddda525c79c6eb25999577cd  RPMS/linux-source-i386-2.2.14-10S.i386.rpm
072afe6e635c6db3d3cfc6150d711eb0  RPMS/linux-source-m68k-2.2.14-10S.i386.rpm
2591caa8b746764296920a56af41e176  RPMS/linux-source-mips-2.2.14-10S.i386.rpm
e08c380c2f28ad8518921d70e34febff  RPMS/linux-source-ppc-2.2.14-10S.i386.rpm
33337a54e9e4a5b314755d2a510a7e32  RPMS/linux-source-sparc-2.2.14-10S.i386.rpm
c1eec98091fd9740bf7bfc6532e50820  RPMS/linux-source-sparc64-2.2.14-10S.i386.rpm
40019cca864690f2c38352a093f364c8  RPMS/pcmcia-cs-3.1.4-2.i386.rpm
14565258531852898ff0be9b5825dd7d  SRPMS/iBCS-2.1-5.src.rpm
e5497fff424aa61632b022a07bc85912  SRPMS/linux-2.2.14-10S.src.rpm
5b92f68f680345805e1c77fd44d89a2a  SRPMS/pcmcia-cs-3.1.4-2.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  modprobe loop
          rpm -Fvh linux-*i386.rpm pcmcia*i386.rpm iBCS*i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

67c7df7f573a831c5c46a643f7930499  RPMS/hwprobe-20000214-3.i386.rpm
ee79eb927480213cf57df6550086c432  RPMS/iBCS-2.1-9.i386.rpm
3f958c65965f370b500e9fbefbd0ce55  RPMS/iBCS-extras-2.1-9.i386.rpm
ff437f5400a7b7e301c233d0ff3a2320  RPMS/iBCS-module-2.1_2.2.14-9.i386.rpm
a339adde345ce87c95b27e553b597bc4  RPMS/linux-kernel-binary-2.2.14-6.i386.rpm
686725eb5aa1854b6e805bf0d1697995  RPMS/linux-kernel-doc-2.2.14-6.i386.rpm
a2b361bea7d2f7a0d56b9e2465d91fa6  RPMS/linux-kernel-include-2.2.14-6.i386.rpm
de2a84e9016fafe1df142e6587a2af73  RPMS/linux-source-alpha-2.2.14-6.i386.rpm
af53b5b1bc47489374fd690002345ea7  RPMS/linux-source-arm-2.2.14-6.i386.rpm
58d12902baae6f3baa693d14a760cbc3  RPMS/linux-source-common-2.2.14-6.i386.rpm
fbf9fbd017e612d1710170f3d7118c7f  RPMS/linux-source-i386-2.2.14-6.i386.rpm
cad18295f0df7ca1eba19cf97384aeb6  RPMS/linux-source-m68k-2.2.14-6.i386.rpm
75942d127d7ef9b98c956e7cb4abac6b  RPMS/linux-source-mips-2.2.14-6.i386.rpm
5c94b82aae50f4925d3a64ef9aae6412  RPMS/linux-source-ppc-2.2.14-6.i386.rpm
84eb1eff37fabd7d0f4df5ae025c0fd3  RPMS/linux-source-sparc-2.2.14-6.i386.rpm
1624e4bb66a6be2a1982809bf0f25e60  RPMS/linux-source-sparc64-2.2.14-6.i386.rpm
e34a47ff00e045d7aaa0c321e9444b33  RPMS/pcmcia-cs-3.1.8-2.i386.rpm
64bb4f963b374c2ae0be9b7cefc458da  SRPMS/hwprobe-20000214-3.src.rpm
0c0a223b294aa311d9f9b3eecd57f2b3  SRPMS/iBCS-2.1-9.src.rpm
b7d59154a2ec54334b0d26f693336094  SRPMS/linux-2.2.14-6.src.rpm
141b5dcf89bc6976c5e8a7c15cd27e58  SRPMS/pcmcia-cs-3.1.8-2.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       modprobe loop
       rpm -Fvh linux-*i386.rpm pcmcia*i386.rpm iBCS*i386.rpm hwprobe*i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 9042.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

   Caldera, Inc. wishes to thank Chris Evans, Solar Designer and Alan
   Cox for finding the bugs and their assistance in getting them fixed.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6goQi18sy83A/qfwRApM0AJ9fwIFRqKtq5TzEwL9lJlutOaRspwCgh0/e
0FFxS+9ycE6XYkEeHVTKcD0=
=sOaz
-----END PGP SIGNATURE-----