Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2003.0827 -- RHSA-2003:392-00
Updated 2.4 kernel fixes privilege escalation security vulnerability
02 December 2003
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel 2.4.22 and prior
Publisher: Red Hat
Operating System: Red Hat Linux 9.0
Red Hat Linux 8.0
Red Hat Linux 7.3
Red Hat Linux 7.2
Red Hat Linux 7.1
Linux
Impact: Root Compromise
Access Required: Existing Account
CVE Names: CAN-2003-0961
Ref: ESB-2003.0826
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated 2.4 kernel fixes privilege escalation security vulnerability
Advisory ID: RHSA-2003:392-00
Issue date: 2003-12-01
Updated on: 2003-12-01
Product: Red Hat Linux
Keywords: privesc
Cross references:
Obsoletes: RHSA-2003:238
CVE Names: CAN-2003-0961
- - ---------------------------------------------------------------------
1. Topic:
Updated kernel packages are now available that fix a security vulnerability
leading to a possible privilege escalation.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686
Red Hat Linux 9 - athlon, i386, i586, i686
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
A flaw in bounds checking in the do_brk() function in the Linux kernel
versions 2.4.22 and previous can allow a local attacker to gain root
privileges. This issue is known to be exploitable; an exploit has been
seen in the wild that takes advantage of this vulnerability. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0961 to this issue.
All users are advised to upgrade to these errata packages, which contain
a backported security patch that corrects this vulnerability.
Important:
If you use Red Hat Linux 7.1, you must have installed quota-3.06-9.71 from
RHSA-2003:187, and if you use Red Hat Linux 7.2 or 7.3, you must have
installed quota-3.06-9.7 from RHSA-2003:187
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To use Red Hat Network to upgrade the kernel, launch the Red Hat Update
Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the
kernel explicitly if you are using the default configuration of up2date.
To install kernel packages manually, use "rpm -ivh <package>" and
modify system settings to boot the kernel you have installed. To
do this, edit /boot/grub/grub.conf and change the default entry to
"default=0" (or, if you have chosen to use LILO as your boot loader,
edit /etc/lilo.conf and run lilo)
Do not use "rpm -Uvh" as that will remove your running kernel binaries
from your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
5. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-24.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-24.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-24.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-24.8.src.rpm
athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-24.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-24.8.athlon.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-24.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-24.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-24.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-24.8.i386.rpm
i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-24.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-24.8.i586.rpm
i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-24.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-24.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-24.8.i686.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-24.9.src.rpm
athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-24.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-24.9.athlon.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-24.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-24.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-24.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-24.9.i386.rpm
i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-24.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-24.9.i586.rpm
i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-24.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-24.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-24.9.i686.rpm
6. Verification:
MD5 sum Package Name
- - --------------------------------------------------------------------------
d820f37c791df3f59e22e0f2f4aee4a8 7.1/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
172f574aa6055e4ed706abf395b4a9ab 7.1/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
f7b7f5e5eafc31b541fe3a27bd48f408 7.1/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
3ae94919218a7edce005c955f6b22776 7.1/en/os/i386/kernel-2.4.20-24.7.i386.rpm
6a4ab4889332208b048f4ef2fb7a190d 7.1/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
b10a9aff5af4ce2cf36252fd4b0f21a0 7.1/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
5a88fec16c237e778518df03e62af071 7.1/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
bacae6a71188c7e5e54c4a91434c67c4 7.1/en/os/i586/kernel-2.4.20-24.7.i586.rpm
945b720803753d1f60f6d4492b54ca6b 7.1/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
a6351fcc1a61054adf492f66da65f2d9 7.1/en/os/i686/kernel-2.4.20-24.7.i686.rpm
fe052b2b749aa3d1abe449d3ea392cf9 7.1/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
31128ef6e28b75ce451b4c3c00a0b1b7 7.1/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
d820f37c791df3f59e22e0f2f4aee4a8 7.2/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
172f574aa6055e4ed706abf395b4a9ab 7.2/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
f7b7f5e5eafc31b541fe3a27bd48f408 7.2/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
3ae94919218a7edce005c955f6b22776 7.2/en/os/i386/kernel-2.4.20-24.7.i386.rpm
6a4ab4889332208b048f4ef2fb7a190d 7.2/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
b10a9aff5af4ce2cf36252fd4b0f21a0 7.2/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
5a88fec16c237e778518df03e62af071 7.2/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
bacae6a71188c7e5e54c4a91434c67c4 7.2/en/os/i586/kernel-2.4.20-24.7.i586.rpm
945b720803753d1f60f6d4492b54ca6b 7.2/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
a6351fcc1a61054adf492f66da65f2d9 7.2/en/os/i686/kernel-2.4.20-24.7.i686.rpm
fe052b2b749aa3d1abe449d3ea392cf9 7.2/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
31128ef6e28b75ce451b4c3c00a0b1b7 7.2/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
d820f37c791df3f59e22e0f2f4aee4a8 7.3/en/os/SRPMS/kernel-2.4.20-24.7.src.rpm
172f574aa6055e4ed706abf395b4a9ab 7.3/en/os/athlon/kernel-2.4.20-24.7.athlon.rpm
f7b7f5e5eafc31b541fe3a27bd48f408 7.3/en/os/athlon/kernel-smp-2.4.20-24.7.athlon.rpm
3ae94919218a7edce005c955f6b22776 7.3/en/os/i386/kernel-2.4.20-24.7.i386.rpm
6a4ab4889332208b048f4ef2fb7a190d 7.3/en/os/i386/kernel-BOOT-2.4.20-24.7.i386.rpm
b10a9aff5af4ce2cf36252fd4b0f21a0 7.3/en/os/i386/kernel-doc-2.4.20-24.7.i386.rpm
5a88fec16c237e778518df03e62af071 7.3/en/os/i386/kernel-source-2.4.20-24.7.i386.rpm
bacae6a71188c7e5e54c4a91434c67c4 7.3/en/os/i586/kernel-2.4.20-24.7.i586.rpm
945b720803753d1f60f6d4492b54ca6b 7.3/en/os/i586/kernel-smp-2.4.20-24.7.i586.rpm
a6351fcc1a61054adf492f66da65f2d9 7.3/en/os/i686/kernel-2.4.20-24.7.i686.rpm
fe052b2b749aa3d1abe449d3ea392cf9 7.3/en/os/i686/kernel-bigmem-2.4.20-24.7.i686.rpm
31128ef6e28b75ce451b4c3c00a0b1b7 7.3/en/os/i686/kernel-smp-2.4.20-24.7.i686.rpm
f6f49ba606d4ef1a586f99c564b2499d 8.0/en/os/SRPMS/kernel-2.4.20-24.8.src.rpm
2244d511620477db15996ac6ac586ce6 8.0/en/os/athlon/kernel-2.4.20-24.8.athlon.rpm
f73a9ab55bbf9cd43d83c16546a9a07a 8.0/en/os/athlon/kernel-smp-2.4.20-24.8.athlon.rpm
6c25fc68334cde596e183532d8b3483a 8.0/en/os/i386/kernel-2.4.20-24.8.i386.rpm
c79ea815774a3cf3c00c89f36b34aacb 8.0/en/os/i386/kernel-BOOT-2.4.20-24.8.i386.rpm
3b9cf1a0a8db7fd4503a56d498a23878 8.0/en/os/i386/kernel-doc-2.4.20-24.8.i386.rpm
c21153374e1847f47d29ecf99805c064 8.0/en/os/i386/kernel-source-2.4.20-24.8.i386.rpm
35da48234c032663cd5765a15cab8169 8.0/en/os/i586/kernel-2.4.20-24.8.i586.rpm
4dcbad37430e402267a991e1e8586586 8.0/en/os/i586/kernel-smp-2.4.20-24.8.i586.rpm
000e2b216d17a64b15a81dc27c21b453 8.0/en/os/i686/kernel-2.4.20-24.8.i686.rpm
062a3810a475c2dacb06c03234652e76 8.0/en/os/i686/kernel-bigmem-2.4.20-24.8.i686.rpm
a66bd9c6f6da80b26a353a99f33b5f25 8.0/en/os/i686/kernel-smp-2.4.20-24.8.i686.rpm
e68dc0c95aab8a27fbdd911925e7be0b 9/en/os/SRPMS/kernel-2.4.20-24.9.src.rpm
cd422af233db0164be1a66f69278fb0e 9/en/os/athlon/kernel-2.4.20-24.9.athlon.rpm
60e111499188473b79aa7fe4dfc4f553 9/en/os/athlon/kernel-smp-2.4.20-24.9.athlon.rpm
e732e2ea47e5b07ad3ccebcdb9f96743 9/en/os/i386/kernel-2.4.20-24.9.i386.rpm
f00e2c660038c2689c23d28b20da63d7 9/en/os/i386/kernel-BOOT-2.4.20-24.9.i386.rpm
5f14574fc6248d02ea346adbf304a881 9/en/os/i386/kernel-doc-2.4.20-24.9.i386.rpm
536db3f62fb66ef96f6171c6f4788db4 9/en/os/i386/kernel-source-2.4.20-24.9.i386.rpm
423f4ef61689574ce915d9c393e50987 9/en/os/i586/kernel-2.4.20-24.9.i586.rpm
4121d90dfacd06d266d6b920c8b3b898 9/en/os/i586/kernel-smp-2.4.20-24.9.i586.rpm
84b5ebcabf19ed929120ecd70b3d09dc 9/en/os/i686/kernel-2.4.20-24.9.i686.rpm
c95ab7333115db5be3a21c5d144db04b 9/en/os/i686/kernel-bigmem-2.4.20-24.9.i686.rpm
58a563ee017283fc7a2843d2a5888986 9/en/os/i686/kernel-smp-2.4.20-24.9.i686.rpm
These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html
Copyright 2003 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/zAb2XlSAg2UNWIIRAiRVAJ9PjXtJo+rY/8JcZeSqaxS8IAyFCACfWu2a
10KjM+Vq0yd6hCh5bOrGE30=
=VbSe
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBP8wnoSh9+71yA2DNAQF7lQP/csKhCVaMUbmUyTl0zYfumnrjxcmdlkBT
Hwq3Gr0z5e/GE1WEm+zf0Xda8nSfnWfftOCcelwqKgzW01iWsDsriVm+LUnhPPv3
BKQH0tfWF/g+/rk7mDZV7sLAb2nYc8Gg/Rj5hMcB9qJ8xRB6WYLbKGjgT+eeSUlR
C7UQeGwCzek=
=jsPG
-----END PGP SIGNATURE-----