[hack] CERT-IST: vulnerability report for Linux 2.4.22 and earlier
Ivano Greco
i.greco@firenzetecnologia.it
Thu 4 Dec 2003 15:13:02 CET
I hope this may be of interest to the list; it looks like a serious kernel
vulnerability.
See you soon,
ivano greco
Security Advisory CERT-IST/AV-2003.371
Vulnerability in the Linux kernel 2.4, versions 2.4.22 and prior
Version 1.0 (02/12/2003)
--------------------------------------------------------------------------------
Vulnerability Classification
Risk : Very high High Medium Low Not Rated
Impact : Take control
Vulnerability category : Buffer overflow
Confidence : Vendor-acknowledged
Attacker Profile :
Attack expertise : Skilled
Attack requirements : Remote with account
--------------------------------------------------------------------------------
System Information
Affected Platform(s) :
Linux systems
Affected Software(s) :
Linux kernel 2.4, versions 2.4.22 and prior
Remarks
Although only the Linux Debian, Mandrake and RedHat distributions have
released an advisory, this flaw potentially impacts all the Linux
distributions. This advisory will be updated consequently.
--------------------------------------------------------------------------------
Description
Problem description
A vulnerability has been discovered in the controls performed by the
"do_brk" function of the Linux kernel 2.4, versions 2.4.22 and prior. It
allows a malicious person, who has an account on the system, to get "root"
privileges on the latter.
Note : An exploit has been released for this vulnerability.
--------------------------------------------------------------------------------
Solution
01 - Apply the Linux Debian patches concerning the vulnerabilities of the
Linux 2.4 kernel
Linux Debian 3.0 :
All architectures :
k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14_all.deb
k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb
Alpha architecture :
k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-11_alpha.deb
k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-11_alpha.deb
k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-11_alpha.deb
k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb
k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb
i386 architecture :
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12_i386.deb
k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12_i386.deb
Linux Debian patches
http://security.debian.org/pool/updates/main/
02 - Apply the Linux Mandrake patches concerning the vulnerabilities of the
Linux 2.4 kernel
Corporate Server 2.1 :
corporate/2.1/RPMS/kernel-2.4.19.36mdk-1-1mdk.i586.rpm
corporate/2.1/RPMS/kernel-enterprise-2.4.19.36mdk-1-1mdk.i586.rpm
corporate/2.1/RPMS/kernel-secure-2.4.19.36mdk-1-1mdk.i586.rpm
corporate/2.1/RPMS/kernel-smp-2.4.19.36mdk-1-1mdk.i586.rpm
corporate/2.1/RPMS/kernel-source-2.4.19-36mdk.i586.rpm
Corporate Server 2.1/x86_64 :
x86_64/corporate/2.1/RPMS/kernel-2.4.19.33mdk-1-1mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/kernel-secure-2.4.19.33mdk-1-1mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/kernel-smp-2.4.19.33mdk-1-1mdk.x86_64.rpm
x86_64/corporate/2.1/RPMS/kernel-source-2.4.19-33mdk.x86_64.rpm
Mandrake Linux 9.0 :
9.0/RPMS/kernel-2.4.19.36mdk-1-1mdk.i586.rpm
9.0/RPMS/kernel-enterprise-2.4.19.36mdk-1-1mdk.i586.rpm
9.0/RPMS/kernel-secure-2.4.19.36mdk-1-1mdk.i586.rpm
9.0/RPMS/kernel-smp-2.4.19.36mdk-1-1mdk.i586.rpm
9.0/RPMS/kernel-source-2.4.19-36mdk.i586.rpm
Mandrake Linux 9.1 :
9.1/RPMS/kernel-2.4.21.0.26mdk-1-1mdk.i586.rpm
9.1/RPMS/kernel-enterprise-2.4.21.0.26mdk-1-1mdk.i586.rpm
9.1/RPMS/kernel-secure-2.4.21.0.26mdk-1-1mdk.i586.rpm
9.1/RPMS/kernel-smp-2.4.21.0.26mdk-1-1mdk.i586.rpm
9.1/RPMS/kernel-source-2.4.21-0.26mdk.i586.rpm
Mandrake Linux 9.1/PPC :
ppc/9.1/RPMS/kernel-2.4.21.0.26mdk-1-1mdk.ppc.rpm
ppc/9.1/RPMS/kernel-enterprise-2.4.21.0.26mdk-1-1mdk.ppc.rpm
ppc/9.1/RPMS/kernel-smp-2.4.21.0.26mdk-1-1mdk.ppc.rpm
ppc/9.1/RPMS/kernel-source-2.4.21-0.26mdk.ppc.rpm
Multi Network Firewall 8.2 :
mnf8.2/RPMS/kernel-secure-2.4.19.36mdk-1-1mdk.i586.rpm
Mandrake patches
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
03 - Apply the Linux RedHat patches concerning the vulnerabilities of the
Linux 2.4 kernel
Files :
athlon :
athlon/kernel-2.4.20-24.[version].athlon.rpm
athlon/kernel-smp-2.4.20-24.[version].athlon.rpm
i386 :
i386/kernel-2.4.20-24.[version].i386.rpm
i386/kernel-source-2.4.20-24.[version].i386.rpm
i386/kernel-doc-2.4.20-24.[version].i386.rpm
i386/kernel-BOOT-2.4.20-24.[version].i386.rpm
i586 :
i586/kernel-2.4.20-24.[version].i586.rpm
i586/kernel-smp-2.4.20-24.[version].i586.rpm
i686 :
i686/kernel-2.4.20-24.[version].i686.rpm
i686/kernel-smp-2.4.20-24.[version].i686.rpm
i686/kernel-bigmem-2.4.20-24.[version].i686.rpm
with [version] = 7 for 7.x, 8 for 8.0 and 9 for 9
Patches for Linux Red Hat 7.2
ftp://updates.redhat.com/7.2/en/os/
Patches for Linux Red Hat 7.3
ftp://updates.redhat.com/7.3/en/os/
Patches for Linux Red Hat 8.0
ftp://updates.redhat.com/8.0/en/os/
Patches for Linux Red Hat 9.0
ftp://updates.redhat.com/9/en/os/
Patches for Linux Red Hat 7.1
ftp://updates.redhat.com/7.1/en/os/
--------------------------------------------------------------------------------
Standard vulnerability IDs
CVE : CAN-2003-0961
--------------------------------------------------------------------------------
Additional Resources
Linux Debian security advisory DSA-403 dated December 1, 2003
http://www.debian.org/security/2003/dsa-403
Linux Mandrake security advisory MDKSA-2003:110 dated December 1, 2003
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:110
Linux RedHat security advisory RHSA-2003-392 dated December 1, 2003
http://rhn.redhat.com/errata/RHSA-2003-392.html
Ivano Greco
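
Added example, not part of the advisory or of the original post: a POSIX shell function that triages a `uname -r` string against the affected range ("2.4.22 and prior") and the fixed Red Hat and Mandrake builds named in the package lists above. The function names, the output labels and the mapping from package file names to release strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a `uname -r` string against CERT-IST/AV-2003.371.
# Assumption: vendor release strings mirror the fixed package names listed in
# the advisory (Red Hat 2.4.20-24.x, Mandrake 2.4.19-36mdk / 2.4.21-0.26mdk).

# Succeeds when dotted numeric version $1 <= $2.
ver_le() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# classify_kernel RELEASE [ARCH] -> out-of-scope | not-affected | fixed | affected
classify_kernel() {
    rel=$1 arch=${2:-i586}
    base=${rel%%-*}                          # upstream part, e.g. 2.4.20
    case $base in
        2.4.*) ;;
        *) echo out-of-scope; return 0 ;;    # the advisory covers 2.4 only
    esac
    ver_le "$base" 2.4.22 || { echo not-affected; return 0; }
    build=${rel#"$base"}; build=${build#-}   # vendor part, e.g. 24.9 or 0.26mdk
    case $rel in
        2.4.19-*mdk*)                        # Mandrake 9.0, Corporate Server 2.1
            num=${build%%mdk*}
            [ "$arch" = x86_64 ] && fixed=33 || fixed=36 ;;
        2.4.21-0.*mdk*)                      # Mandrake 9.1
            num=${build#0.}; num=${num%%mdk*}; fixed=26 ;;
        2.4.20-[0-9]*)                       # Red Hat 7.x, 8.0, 9
            num=${build%%.*}; fixed=24 ;;
        *)  # No build number to compare (vanilla, Debian flavour names, custom):
            # report conservatively and confirm with the package manager.
            echo affected; return 0 ;;
    esac
    case $num in
        ''|*[!0-9]*) echo affected; return 0 ;;   # unparsable vendor build
    esac
    if [ "$num" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}
```

Run it as `classify_kernel "$(uname -r)" "$(uname -m)"`. A result of `affected` for a Debian-style release string only means the string carries no package revision, so the installed package version still has to be compared with the list above.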