Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0130 -- Debian Security Advisory DSA 438-1 New Linux 2.4.18 packages fix local root exploit (alpha+i386+powerpc) 19 February 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Debian Operating System: Debian GNU/Linux 3.0 alias woody Linux Impact: Root Compromise Access Required: Existing Account CVE Names: CAN-2004-0077 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 438-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 18th, 2004 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : kernel-source-2.4.18, kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-image-2.4.18-i386bf, kernel-patch-2.4.18-powerpc Vulnerability : missing function return value check Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0077 Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. For the stable distribution (woody) this problem has been fixed in version 2.4.18-14.2 of kernel-source, version 2.4.18-14 of alpha images, version 2.4.18-12.2 of i386 images, version 2.4.18-5woody7 of i386bf images and version 2.4.18-1woody4 of powerpc images. Other architectures will probably mentioned in a separate advisory or are not affected (m68k). For the unstable distribution (sid) this problem is fixed in version 2.4.24-3 for source, i386 and alpha images and version 2.4.22-10 for powerpc images. This problem is also fixed in the upstream version of Linux 2.4.25 and 2.6.3. We recommend that you upgrade your Linux kernel packages immediately. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.dsc Size/MD5 checksum: 664 38e578dda3dd54a5daa6b8badcac1a58 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.diff.gz Size/MD5 checksum: 67490 e1ef6246f639481dfd8b3c5b15d8668e http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.dsc Size/MD5 checksum: 876 7774c946590a5a80332ca920f67cc8ec http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.tar.gz Size/MD5 checksum: 24477 b9c0ba46774c2da3be69851110d6f2f9 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.dsc Size/MD5 checksum: 1193 b44a4e8f803bb2214bd0c4c3e9f88d81 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.tar.gz Size/MD5 checksum: 70044 f4caad005d02a1c7cadfa73bfc4952fb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.dsc Size/MD5 checksum: 656 e091295663f495df0ea8273703decef0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.tar.gz Size/MD5 checksum: 26249 f84d855e356c1f5290f6fe96d9e039c8 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.dsc Size/MD5 checksum: 713 7f68980058d55c40a037c6666354ffe9 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.tar.gz Size/MD5 checksum: 79541 bff712e95a6960659a0e96dab9732ed4 Architecture independent components: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.2_all.deb Size/MD5 checksum: 1719692 32cb6638a9be7e7f7332152c04854bba http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2_all.deb Size/MD5 checksum: 24133918 306f15a8a6279221394b6a8ac2c5a69c http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4_all.deb Size/MD5 checksum: 79274 8ea5d169fd45e464c1213e729e4e5368 Alpha architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-14_alpha.deb Size/MD5 checksum: 3363042 9ee4da919ccec99281efdaaae303af73 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-14_alpha.deb Size/MD5 checksum: 3512422 47b306297211fd7079abb918bb10ef37 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-14_alpha.deb Size/MD5 checksum: 3515048 d0153184a825640d1fe64b905ab98de4 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-14_alpha.deb Size/MD5 checksum: 12425644 aa320665938f55d33bfc8a9593e4639f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-14_alpha.deb Size/MD5 checksum: 12800414 2901b9a0ff3cabfbb4249ee2cbb94b43 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12.2_i386.deb Size/MD5 checksum: 3412982 cad64cfd789bfa49fe5463a3b4a8a5bd http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12.2_i386.deb Size/MD5 checksum: 3503440 02c707f32c72f98df9002c04006aae6b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12.2_i386.deb Size/MD5 checksum: 3504340 bd5e69e90ab3be3378f588abbfe23c79 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12.2_i386.deb Size/MD5 checksum: 3504232 6ab9026a1484be3aaf7fa08217ae9c5c http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12.2_i386.deb Size/MD5 checksum: 3505300 2ffc58a24a13bf0991be5b982026b6c5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12.2_i386.deb Size/MD5 checksum: 3504034 a448bb692b10914a3a7f7f1d9b16be96 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12.2_i386.deb Size/MD5 checksum: 3504256 349318073fbd9b6f3eae2b7bc5d65b54 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12.2_i386.deb Size/MD5 checksum: 8797608 df96f2969970f149992e74cfd7838919 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12.2_i386.deb Size/MD5 checksum: 8704208 b29d3a133a3d5485645a1428045481f2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12.2_i386.deb Size/MD5 checksum: 8703628 fdf8ddc2c2fdc0c5ceffb9f34b8dc00f http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12.2_i386.deb Size/MD5 checksum: 8959706 da0efa81b152f5ce0e949ba00a58b1f0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12.2_i386.deb Size/MD5 checksum: 8660826 78ee935b25e3cb8e1d6affc13e78aa35 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12.2_i386.deb Size/MD5 checksum: 8863038 8b0605e449390dfd819e5543c79fe0e3 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12.2_i386.deb Size/MD5 checksum: 228532 83d533868f288d4bd7866cf4b3114321 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12.2_i386.deb Size/MD5 checksum: 228084 dca93798c731513d7f8908c591fc4992 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12.2_i386.deb Size/MD5 checksum: 227546 99c579382f1c93af23cdedb9dfdce997 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12.2_i386.deb Size/MD5 checksum: 231188 cae74563956d0a8757994959b101e5c0 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12.2_i386.deb Size/MD5 checksum: 227180 eb3383f20e4123b964a6143fae4be03b http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12.2_i386.deb Size/MD5 checksum: 230440 e4875246851ee5dd470bf61af43e2ef6 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody7_i386.deb Size/MD5 checksum: 3410436 8238f8f8d03b19071ca774e611c83cd5 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody7_i386.deb Size/MD5 checksum: 6425110 e7e25ace06cd1edbb6967c3cae155e09 PowerPC architecture: http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody4_powerpc.deb Size/MD5 checksum: 3432656 4116a684a091bbc46a94fcafc03ba50a http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody4_powerpc.deb Size/MD5 checksum: 9452588 ca305391d3dfe3aa0ab140a047d67df2 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody4_powerpc.deb Size/MD5 checksum: 10101958 d427f943297e02355545d7fa1a2ab263 http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody4_powerpc.deb Size/MD5 checksum: 10345492 4d6e160cb19df083c4d238f8ff1e4913 These files will probably be moved into the stable distribution on its next revision. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAM2jFW5ql+IAeqTIRAjKuAJ9C50/t8NuXmFzw2oJOkA0JzMwLEACfZ3A3 ygZc/drgecpezqGQUmvkYyw= =169V - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQDRVRyh9+71yA2DNAQHJFAP+MWo1eFAUedxYf3GevLpDIZ1ZfA7sd7/q sDRYZFfhyQ9rew1y050m6lz4s0z096WdR1ZmpHQnCU4flcEAujTUQ3EifHDIXz2o 6le3bgYpQ0OcmDnLLAprPB1SFqYGG90I1Z4Lrvuou+AlHoOCSmo+eXGhKxmTk7vG DMEBdGgo7Cs= =Ptrg -----END PGP SIGNATURE-----