[Fwd: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can
access Linux kernel memory]
Niki Guldbrand
niki at lunar-linux.org
Tue Dec 2 08:36:23 GMT 2003
Hi All.
I'll see if i can get a 2.4.23 patchset ready today, if not i'll see if
i can find the patch that fixes this hole and add it to the patchset...
I have 2.4.23-grsec ready for testing, and it's compiling as we speak
;-)
Niki
On Tue, 2003-12-02 at 08:32, Niki Guldbrand wrote:
> Hi all.
>
> Here is the official Security Advisory, about the resent kernel exploit
> used to gain root on the debian server that was compromised resently.
>
>
> Niki
>
> ______________________________________________________________________
> From: debian-security-announce at lists.debian.org
> To: full-disclosure at lists.netsys.com
> Subject: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory
> Date: Mon, 01 Dec 2003 21:17:12 +0100
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-403-1 security at debian.org
> http://www.debian.org/security/ Wichert Akkerman
> December 1, 2003
> - ------------------------------------------------------------------------
>
>
> Package : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18
> Vulnerability : userland can access full kernel memory
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CAN-2003-0961
>
> Recently multiple servers of the Debian project were compromised using a
> Debian developers account and an unknown root exploit. Forensics
> revealed a burneye encrypted exploit. Robert van der Meulen managed to
> decrypt the binary which revealed a kernel exploit. Study of the exploit
> by the RedHat and SuSE kernel and security teams quickly revealed that
> the exploit used an integer overflow in the brk system call. Using
> this bug it is possible for a userland program to trick the kernel into
> giving access to the full kernel address space. This problem was found
> in September by Andrew Morton, but unfortunately that was too late for
> the 2.4.22 kernel release.
>
> This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images.
>
>
> Upgrade instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian 3.0 (stable)
> - -------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.tar.gz
> Size/MD5 checksum: 69746 a4b642e03732748d6820524746ba2265
> http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
> Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.dsc
> Size/MD5 checksum: 874 6fe1a9a759850570f1609b77502c13bc
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.tar.gz
> Size/MD5 checksum: 24210 11373e2cf7e659f5a69c33f3f143fcaf
> http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.dsc
> Size/MD5 checksum: 798 14840782d3ae928fd453a7dba225bb7f
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.dsc
> Size/MD5 checksum: 1325 a77acb0743f3d3a16c00fa1cd4520e89
> http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.diff.gz
> Size/MD5 checksum: 66878 916d16dd46c59dd4314c45e48f33f043
>
> Architecture independent packages:
>
> http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14_all.deb
> Size/MD5 checksum: 1710438 5e6cb496150391a93558652c97fb214b
> http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb
> Size/MD5 checksum: 23903282 9d5cb5159bf76451dd32e75467ca6240
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-11_alpha.deb
> Size/MD5 checksum: 3514858 ec88046377537587469e5527f3633c65
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-11_alpha.deb
> Size/MD5 checksum: 3362836 f91eb5ef18c3413ae200c5b1679264cc
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-11_alpha.deb
> Size/MD5 checksum: 3512244 a46de1359655b3a05c99cd8211edd41f
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb
> Size/MD5 checksum: 12799424 966ecceeb16c5bf87cc31b9178d6add9
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb
> Size/MD5 checksum: 12425696 27b4defd9326ed5bac3a765977437354
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb
> Size/MD5 checksum: 8863312 17a9c0323f06ed3eda1d17bdaf443d50
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12_i386.deb
> Size/MD5 checksum: 230194 9e347c03ffaf24762ec8ad86f3c3c482
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12_i386.deb
> Size/MD5 checksum: 8797832 00ab7c9bf64614112684e60595e1fe30
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12_i386.deb
> Size/MD5 checksum: 230960 8ba2a811fb753a4b5083254c5ab402c2
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12_i386.deb
> Size/MD5 checksum: 227302 63e4524d17cb0dcf34774637293d2700
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12_i386.deb
> Size/MD5 checksum: 3525452 7f0208aa3bc2e9974590839d141c4ca3
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12_i386.deb
> Size/MD5 checksum: 3527346 6b321ce7efdc5d1f641ca4e14db1807e
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12_i386.deb
> Size/MD5 checksum: 228266 e05c768db8f79e76db1dbf39200075cc
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12_i386.deb
> Size/MD5 checksum: 227834 3799038b55f03ea7fcacef73e50a7b02
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12_i386.deb
> Size/MD5 checksum: 8704448 f8531f0d6173228a2f952e4ca80ee618
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12_i386.deb
> Size/MD5 checksum: 3524656 c40e3230e071e5917f3c82ef8d8a3b79
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12_i386.deb
> Size/MD5 checksum: 8661138 121c4860a88e6e0ef84941b044e655ee
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12_i386.deb
> Size/MD5 checksum: 226934 f29016331da939466d99fde7e6dbf0c4
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12_i386.deb
> Size/MD5 checksum: 3431968 37d14ba3820e331c7701c6dbc65440c7
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12_i386.deb
> Size/MD5 checksum: 3525938 0b4f3c22d96777bd95673e8c6ceb45a9
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12_i386.deb
> Size/MD5 checksum: 3525194 89b06e76e46487a2708317a7d2643519
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12_i386.deb
> Size/MD5 checksum: 8960026 e01cd0b938c75a247cc111855632934c
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12_i386.deb
> Size/MD5 checksum: 3524794 43c7a34c6428e7d79fb660b4a434aaae
> http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12_i386.deb
> Size/MD5 checksum: 8703034 a6d0829412575a9f7e6c227c5275a47b
>
> - --
> - ----------------------------------------------------------------------------
> Debian Security team <team at security.debian.org>
> http://www.debian.org/security/
> Mailing-List: debian-security-announce at lists.debian.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/y6HGPLiSUC+jvC0RAnd9AKCKvn969KiqvmErdGNv1iJSgzTVxwCbBkWB
> IZdDr8fKKloX6PSe+tPOW68=
> =nGzM
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> ______________________________________________________________________
> _______________________________________________
> lunar mailing list
> lunar at lunar-linux.org
> http://dbguin.lunar-linux.org/mailman/listinfo/lunar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lunar-linux.org/pipermail/lunar/attachments/20031202/9ff4b7f3/attachment.bin
More information about the lunar
mailing list