(Turbolinux Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
SecurityTracker Alert ID: 1008369
SecurityTracker URL: http://securitytracker.com/id/1008369
CVE Reference: CAN-2003-0961
Date: Dec 3 2003
Impact:
Execution of arbitrary code via local system, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.4.22 and prior 2.4 kernels
Description:
An input validation vulnerability was reported in the Linux 2.4 kernel. A local user can gain root-level privileges.
It is reported that the do_brk() function does not perform proper bounds checking. A local user can run a userland application to cause the kernel to grant the local user access to the full kernel address space. The userland application can create an arbitrary and large virtual memory area, exceeding user accessible memory limits (TASK_SIZE).
Red Hat reports that an exploit for this flaw has been found in the wild.
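The missing bounds check described above, as a user-space model in C (an added example, not kernel source and not part of the advisory). The function names, the enum and the sample requests are constructed; the 4 KiB page size and TASK_SIZE of 0xC0000000 assume 32-bit x86 with the default 3G/1G split.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants: 32-bit x86, 4 KiB pages, default 3G/1G split. */
#define PAGE_SIZE     0x1000u
#define PAGE_ALIGN(x) (((x) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))
#define TASK_SIZE     0xC0000000u  /* user space ends here */

enum brk_result { BRK_NOOP, BRK_MAP, BRK_EINVAL };

/* Flawed form: the requested range is never compared with TASK_SIZE. */
enum brk_result brk_check_flawed(uint32_t addr, uint32_t len)
{
    (void)addr;                       /* start address is not validated */
    len = PAGE_ALIGN(len);
    return len ? BRK_MAP : BRK_NOOP;
}

/* Hardened form: reject ranges that end above TASK_SIZE or wrap past 2^32. */
enum brk_result brk_check_hardened(uint32_t addr, uint32_t len)
{
    len = PAGE_ALIGN(len);
    if (!len)
        return BRK_NOOP;
    if (addr + len > TASK_SIZE || addr + len < addr)
        return BRK_EINVAL;
    return BRK_MAP;
}

int main(void)
{
    /* Constructed sample requests: {start, length}. */
    static const uint32_t req[][2] = {
        { 0x08100000u, 0x00010000u },  /* ordinary heap growth */
        { 0xBFFFF000u, 0x00002000u },  /* ends above TASK_SIZE */
        { 0xBFFFF000u, 0x40002000u },  /* end wraps around 2^32 */
    };
    static const char *name[] = { "noop", "map", "EINVAL" };
    for (unsigned i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("addr=%08x len=%08x flawed=%s hardened=%s\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               name[brk_check_flawed(req[i][0], req[i][1])],
               name[brk_check_hardened(req[i][0], req[i][1])]);
    return 0;
}
```

The third request shows why the comparison against TASK_SIZE alone is not enough: the wrapped end address is small, so only the `addr + len < addr` test catches it.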
Impact:
A local user can gain root privileges.
Solution:
Turbolinux has issued the following fixes:
<Turbolinux 8 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/kernel-2.4.18-15.src.rpm
41892334 9ce72130b877766f844277b6083789af
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-2.4.18-15.i586.rpm
14058497 69241f9f766ae8e3a8b90991c1ebb273
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm
7100399 5d87135fa0f5279604040fccf229fac1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm
1458110 8cb3a7993e844c54dd537b7fdf00839f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm
1816129 5c1972c228227ce3d7aaa028ead65b71
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm
329023 b26f7a1a9df8dd7571930829e5490cdd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm
14549721 3f3eca5764a3e9c5e7968947f95c4258
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm
14527839 57e25b0b12061b0e67328837a55da0c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/kernel-source-2.4.18-15.i586.rpm
26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/kernel-2.4.18-15.src.rpm
41892334 9ce72130b877766f844277b6083789af
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-2.4.18-15.i586.rpm
14058497 69241f9f766ae8e3a8b90991c1ebb273
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm
7100399 5d87135fa0f5279604040fccf229fac1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm
1458110 8cb3a7993e844c54dd537b7fdf00839f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm
1816129 5c1972c228227ce3d7aaa028ead65b71
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm
329023 b26f7a1a9df8dd7571930829e5490cdd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm
14549721 3f3eca5764a3e9c5e7968947f95c4258
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm
14527839 57e25b0b12061b0e67328837a55da0c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/kernel-source-2.4.18-15.i586.rpm
26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7
<Turbolinux 7 Server>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/kernel-2.4.18-15.src.rpm
41892334 9ce72130b877766f844277b6083789af
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-2.4.18-15.i586.rpm
14058497 69241f9f766ae8e3a8b90991c1ebb273
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm
7100399 5d87135fa0f5279604040fccf229fac1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm
1458110 8cb3a7993e844c54dd537b7fdf00839f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm
1816129 5c1972c228227ce3d7aaa028ead65b71
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm
329023 b26f7a1a9df8dd7571930829e5490cdd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm
14549721 3f3eca5764a3e9c5e7968947f95c4258
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm
14527839 57e25b0b12061b0e67328837a55da0c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/kernel-source-2.4.18-15.i586.rpm
26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/kernel-2.4.18-15.src.rpm
41892334 9ce72130b877766f844277b6083789af
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-2.4.18-15.i586.rpm
14058497 69241f9f766ae8e3a8b90991c1ebb273
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-BOOT-2.4.18-15.i586.rpm
7100399 5d87135fa0f5279604040fccf229fac1
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-doc-2.4.18-15.i586.rpm
1458110 8cb3a7993e844c54dd537b7fdf00839f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-headers-2.4.18-15.i586.rpm
1816129 5c1972c228227ce3d7aaa028ead65b71
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-pcmcia-cs-2.4.18-15.i586.rpm
329023 b26f7a1a9df8dd7571930829e5490cdd
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp-2.4.18-15.i586.rpm
14549721 3f3eca5764a3e9c5e7968947f95c4258
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-smp64G-2.4.18-15.i586.rpm
14527839 57e25b0b12061b0e67328837a55da0c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/kernel-source-2.4.18-15.i586.rpm
26510577 9ffa4dbc16fa4fe0f3bbbaaa528872d7
Vendor URL: www.kernel.org/
Cause:
Input validation error
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Wed, 3 Dec 2003 21:15:00 +0900
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 03/Dec/2003
This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 03/Dec/2003
============================================================
The following page contains the security information of Turbolinux Inc.
- Turbolinux Security Center
http://www.turbolinux.com/security/
(1) kernel -> Integer overflow
===========================================================
* kernel -> Integer overflow
===========================================================
More information :
The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.
The kernel handles the basic functions of the operating system.
A flaw in bounds checking in the do_brk() function in the Linux.
Impact :
The local users may be able to gain root privileges.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution :
Please use turbopkg(zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom update kernel kernel-BOOT kernel-doc kernel-headers kernel-pcmcia-cs kernel-smp kernel-smp64G kernel-source
---------------------------------------------
References :
CVE
[CAN-2003-0462]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0462
[CAN-2003-0465]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0465
[CAN-2002-0499]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0499
[CAN-2003-0501]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0501
[CAN-2003-0961]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
* You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.
http://www.turbolinux.com/download/zabom.html
http://www.turbolinux.com/download/zabomupdate.html
Package Update Path
http://www.turbolinux.com/update