[ Thanks to SOT Linux Security Team for this link. ]
----------------------------------------------------------------
SOT Linux Security Advisory
Subject: Updated kernel package for SOT Linux 2002
Advisory ID: SLSA-2003:19
Date: Wednesday, April 23, 2003
Product: SOT Linux 2002
----------------------------------------------------------------
1. Problem description
A bug found in the kernel module loader code could allow a local
user to gain root privileges.
When a process requests a feature that is provided by a module, the kernel
spawns a child process, sets its euid and egid to 0 and calls
execve("/sbin/modprobe").
The problem is that, before the euid change, the child process can be
attached to with ptrace(). The user can then insert arbitrary code into the
process, and that code will run with superuser privileges.
This is a local root vulnerability. It is exploitable only if:
1. the kernel is built with modules and the kernel module loader enabled
2. /proc/sys/kernel/modprobe contains the path to some valid executable
3. ptrace() calls are not blocked
As a temporary workaround, kernel module loading can be disabled.
Make sure that all needed kernel modules are loaded before using
this workaround.
To apply it, execute the following as root, where /foo/bar/file is a path
that is not a valid executable, so that condition 2 above no longer holds:
echo /foo/bar/file > /proc/sys/kernel/modprobe
You can add this line to /etc/rc.d/rc.local to automate this process:
echo "echo /foo/bar/file > /proc/sys/kernel/modprobe" >> /etc/rc.d/rc.local
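A check for whether the workaround above is in effect and will survive a reboot, as an added example that is not part of the SOT advisory. The function names and the proc-root and rc-file parameters are assumptions made here so the check can also be run against a constructed tree.

```shell
#!/bin/sh
# Added example: audit the SLSA-2003:19 workaround state.
# Function names and parameters are hypothetical, not from the advisory.

# Print the state of the module-loader helper under the given proc root:
#   no-module-loader   sys/kernel/modprobe is absent (condition 1 not met)
#   workaround-active  the configured helper is not a valid executable
#   helper-present     conditions 1 and 2 hold; install the updated kernel
kmod_helper_state() {
    proc_root=${1:-/proc}
    ctl="$proc_root/sys/kernel/modprobe"
    [ -r "$ctl" ] || { echo no-module-loader; return 0; }
    helper=$(cat "$ctl")
    if [ -n "$helper" ] && [ -f "$helper" ] && [ -x "$helper" ]; then
        echo helper-present
    else
        echo workaround-active
    fi
}

# Succeed if an uncommented line in the rc file writes to
# /proc/sys/kernel/modprobe, i.e. the workaround is re-applied at boot.
# It does not judge which path is written; kmod_helper_state does that.
workaround_persisted() {
    rc_file=${1:-/etc/rc.d/rc.local}
    [ -r "$rc_file" ] || return 1
    grep -v '^[[:space:]]*#' "$rc_file" |
        grep -q '>[[:space:]]*/proc/sys/kernel/modprobe'
}

# Combine both checks into one line: "<state> <persisted|not-persisted>".
audit() {
    state=$(kmod_helper_state "$1")
    if workaround_persisted "$2"; then boot=persisted; else boot=not-persisted; fi
    echo "$state $boot"
}

# With no arguments this inspects the live system.
audit "$@"
```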
Updated kernel packages are available for SOT Linux 2002.
All SOT Linux 2002 users are advised to update the kernel package.
2. Updated packages
SOT Linux 2002 Desktop:
i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/kernel-desktop-2.4.12-50.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/kernel-2.4.12-50.src.rpm
SOT Linux 2002 Server:
i386:
ftp://ftp.sot.com/updates/2002/Server/i386/kernel-server-2.4.12-50.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/kernel-source-2.4.12-50.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/kernel-2.4.12-50.src.rpm
3. Upgrading package
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Use up2date to automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command:
rpm -Uvh <filename>
4. Verification
All packages are PGP signed by SOT for security.
You can verify each package with the following command:
rpm --checksig <filename>
If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with data given below.
Package Name                                     MD5 sum
----------------------------------------------------------------
/Desktop/i386/kernel-desktop-2.4.12-50.i386.rpm  36a438f249f92b20c9e644e376dceece
/Desktop/SRPMS/kernel-2.4.12-50.src.rpm          6e0b0b2e24636c07a3892a97c44a1d57
/Server/i386/kernel-server-2.4.12-50.i386.rpm    57f411a8829880fab3ce5ef796519556
/Server/i386/kernel-source-2.4.12-50.i386.rpm    99a61856a469012fa3d465e23234022d
/Server/SRPMS/kernel-2.4.12-50.src.rpm           6e0b0b2e24636c07a3892a97c44a1d57
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127
http://www.kernel.org/
Copyright(c) 2001-2003 SOT
----------------------------------------------------------------
SOT Linux Security Advisory
Subject: Updated samba package for SOT Linux 2002
Advisory ID: SLSA-2003:18
Date: Wednesday, April 23, 2003
Product: SOT Linux 2002
----------------------------------------------------------------
1. Problem description
Multiple vulnerabilities were discovered in the samba package:
CAN-2003-0201
Buffer overflow in the call_trans2open function in trans2.c for
Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions,
and Samba-TNG before 0.3.2, allows remote attackers to execute
arbitrary code.
CAN-2003-0196
Multiple buffer overflows in Samba before 2.2.8a may allow remote
attackers to execute arbitrary code or cause a denial of service,
as discovered by the Samba team and a different vulnerability than
CAN-2003-0201.
CAN-2003-0085
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for
SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1,
allows remote attackers to execute arbitrary code.
SOT Linux 2002 samba users are advised to update the packages.
2. Updated packages
SOT Linux 2002 Desktop:
i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/samba-2.2.8a-3.i386.rpm
ftp://ftp.sot.com/updates/2002/Desktop/i386/samba-common-2.2.8a-3.i386.rpm
ftp://ftp.sot.com/updates/2002/Desktop/i386/samba-client-2.2.8a-3.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/samba-2.2.8a-3.src.rpm
SOT Linux 2002 Server:
i386:
ftp://ftp.sot.com/updates/2002/Server/i386/samba-2.2.8a-3.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/samba-common-2.2.8a-3.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/samba-swat-2.2.8a-3.i386.rpm
ftp://ftp.sot.com/updates/2002/Server/i386/samba-client-2.2.8a-3.i386.rpm
SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/samba-2.2.8a-3.src.rpm
3. Upgrading package
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Use up2date to automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command:
rpm -Uvh <filename>
4. Verification
All packages are PGP signed by SOT for security.
You can verify each package with the following command:
rpm --checksig <filename>
If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with data given below.
Package Name                                  MD5 sum
----------------------------------------------------------------
/Desktop/i386/samba-2.2.8a-3.i386.rpm         caa373a3790e3e4cbdb55025997759e6
/Desktop/i386/samba-common-2.2.8a-3.i386.rpm  e09a2048808d81ef6d9111c9b4d7f83f
/Desktop/i386/samba-client-2.2.8a-3.i386.rpm  5b7bd5482faaca71097292b37f2083c8
/Desktop/SRPMS/samba-2.2.8a-3.src.rpm         0be8706461e5ea918ed6fae49bc74e7f
/Server/i386/samba-2.2.8a-3.i386.rpm          caa373a3790e3e4cbdb55025997759e6
/Server/i386/samba-common-2.2.8a-3.i386.rpm   e09a2048808d81ef6d9111c9b4d7f83f
/Server/i386/samba-client-2.2.8a-3.i386.rpm   5b7bd5482faaca71097292b37f2083c8
/Server/i386/samba-swat-2.2.8a-3.i386.rpm     4eda3c4d0fa074105fc77723c50e1c07
/Server/SRPMS/samba-2.2.8a-3.src.rpm          0be8706461e5ea918ed6fae49bc74e7f
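The MD5 comparison described in the Verification sections of both advisories, scripted as an added example (not SOT's own tooling). check_manifest is a hypothetical helper; it assumes the advisory's table has been saved to a file and the downloaded packages sit in one directory, and it supplements rpm --checksig rather than replacing it.

```shell
#!/bin/sh
# Added example: compare downloaded packages with an advisory's MD5 table.
# check_manifest is a hypothetical helper, not part of the advisory.

# check_manifest MANIFEST DIR
#   MANIFEST  the "Package Name / MD5 sum" table saved as text; the header
#             and separator lines are skipped automatically
#   DIR       directory holding the downloaded .rpm files
# Prints OK, MISMATCH or MISSING per table row and returns non-zero if any
# file that is present has a different sum. Missing files are only
# reported, since a Desktop system does not download Server packages.
check_manifest() {
    manifest=$1 dir=$2 bad=0
    while read -r path want; do
        # Keep only rows whose second field is a 32-digit lowercase hex sum.
        case $want in
            *[!0-9a-f]*|'') continue ;;
        esac
        [ ${#want} -eq 32 ] || continue
        file="$dir/$(basename "$path")"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
            continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $path"
        else
            echo "MISMATCH $path"
            bad=1
        fi
    done < "$manifest"
    return $bad
}

# Usage: sh check.sh <manifest file> <download directory>
if [ $# -eq 2 ]; then
    check_manifest "$1" "$2"
fi
```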
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085
http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
http://www.samba.org/
Copyright(c) 2001-2003 SOT

