(Gentoo Issues Fix) Linux 2.4 Kernel do_brk() Input Validation Flaw Lets Local Users Grab Root Privileges
|
|
SecurityTracker Alert ID: 1008389 |
|
SecurityTracker URL: http://securitytracker.com/id/1008389
|
|
CVE Reference:
CAN-2003-0961
(Links to External Site)
|
Date: Dec 4 2003
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.4.22 and prior 2.4 kernels
|
Description:
An input validation vulnerability was reported in the Linux 2.4 kernel. A local user can gain root level privileges.
It is reported that the do_brk() function does not perform proper bounds checking. A local user can run a userland application to cause the kernel to grant the local user access to the full kernel address space. The userland application can create an arbitrary and large virtual memory area, exceeding user accessible memory limits (TASK_SIZE).
Red Hat reports that an exploit for this flaw has been found in the wild.
|
Impact:
A local user can gain root privileges.
|
Solution:
Gentoo has released a fix and recommends that all Gentoo Linux users upgrade their machines to use a kernel from the list [in the Source Message].
emerge sync
emerge -pv [your preferred kernel sources]
emerge [your preferred kernel sources]
[update the /usr/src/linux symlink]
[compile and install your new kernel]
[emerge any necessary kernel module ebuilds]
[reboot]
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 4 Dec 2003 15:15:28 -0500
Subject: [gentoo-announce] GLSA: kernel (200312-02)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-02
- --------------------------------------------------------------------------
GLSA: 200312-02
package: kernel
summary: A flaw in the do_brk() function of Linux kernel 2.4.22
and earlier can be exploited by local users or malicious
services to gain root privileges.
severity: high
Gentoo bug: 34844
date: 2003-12-04
CVE: CAN-2003-0961
exploit: local
affected: <2.4.22
fixed: >=2.4.23
fixed: >=2.4.22+patches
DESCRIPTION:
Lack of proper bounds checking exists in the do_brk() kernel function in
Linux kernels prior to 2.4.23. This bug can be used to give a userland
program or malicious service access to the full kernel address space and
gain root privileges. This issue is known to be exploitable.
All kernel ebuilds in Portage have been bumped or patched and do not contain
this vulnerability. The following is a list of recommended kernels.
aa-sources-2.4.23_pre6-r3
ck-sources-2.4.22-r3
gentoo-sources-2.4.20-r9
gentoo-sources-2.4.22-r1
grsec-sources-2.4.22.1.9.12-r1
grsec-sources-2.4.22.2.0_rc3-r1
gs-sources-2.4.23_pre8-r1
hardened-sources-2.4.22-r1
hardened-sources-2.4.22-r1
ia64-sources-2.4.22-r1
mips-sources-2.4.22-r4
mips-sources-2.4.22-r5
openmosix-sources-2.4.22-r1
ppc-sources-2.4.22-r3
ppc-sources-benh-2.4.20-r9
ppc-sources-benh-2.4.21-r2
ppc-sources-benh-2.4.22-r3
ppc-sources-crypto-2.4.20-r1
selinux-sources-2.4.21-r5
sparc-sources-2.4.23
usermode-sources-2.4.22-r1
wolk-sources-4.10_pre7-r1
wolk-sources-4.9-r2
xfs-sources-2.4.20-r4
SOLUTION:
It is recommended that all Gentoo Linux users upgrade their machines to use
a kernel from the list above.
emerge sync
emerge -pv [your preferred kernel sources]
emerge [your preferred kernel sources]
[update the /usr/src/linux symlink]
[compile and install your new kernel]
[emerge any necessary kernel module ebuilds]
[reboot]
// end
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/z5Wynt0v0zAqOHYRAujmAKCsOXthCcWiGvTWThjozzsjlW4q3gCdGqLI
FWseBXkoN6qBg6u30yPVCLw=
=V/8J
-----END PGP SIGNATURE-----
|
|
