dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


TurboLinux Security Announcement: Package: kernel-2.2.15 and earlier

Jun 20, 2000, 02:08 (0 Talkback[s])
(Other stories by Roger Luethi)

Date: Mon, 19 Jun 2000 18:05:57 -0700
From: Roger Luethi rluethi@turbolinux.com
To: tl-security-announce@www1.turbolinux.com
Subject: [TL-Security-Announce] Linux Kernel TLSA2000013-1


                        TurboLinux Security Announcement

        Package: kernel-2.2.15 and earlier
        Date: Monday June 19 17:45 PDT 2000

        Affected TurboLinux versions: 6.0.5 and earlier
        Vulnerability Type: local root compromise
        TurboLinux Advisory ID#:  TLSA2000013-1
        BugTraq ID#: 1322
        Credits: This vulnerability was discovered by Wojciech Purczynski.

A security hole was discovered in the package mentioned above. Please update the package in your installation as soon as possible.


1. Problem Summary

Originally this security bug was reported by Sendmail. An unsafe fgets() usage in sendmail's mail.local exposes the setuid() security hole in the Linux kernel. This vunlnerability allows local users to obtain root privilege by exploiting setuid root applications.

2. Impact

Any local user with an account can use this vulnerability to obtain root priviledges by exploiting setuid root applications.

3. a) Solution

Please read section 3. b) if you use "TurboLinux Data Server with DB2" or "TurboLinux Data Server Optimized for Oracle 8i".

Update the packages from our ftp server by running the following command for each package:

rpm -Uvh --nodeps --Force ftp_path_to_filename

Where ftp_path_to_filename is one of the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/kernel-utils-2.2.16-0.4.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/kernel-2.2.16-0.4.src.rpm

**Note: You must rebuild and install the RPM if you choose to download and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE THE SECURITY HOLE.

Please verify the MD5 checksum of the update before you install:

MD5 sum Package Name


8861693c10c2a784f35ba603270d2ade kernel-2.2.16-0.4.i386.rpm
d527dcb4a491eae049a560cc6ff0a4e0 kernel-2.2.16-0.4.src.rpm
3d70924bf24c74c9d2173ab2b7e696b0 kernel-BOOT-2.2.16-0.4.i386.rpm
8138707ad72cea856d9aed01042870ae kernel-doc-2.2.16-0.4.i386.rpm
acca46851b1781a6c42e6a8a0a0a4426 kernel-headers-2.2.16-0.4.i386.rpm
b8f54e8971270827bf5b5df1520877b5 kernel-ibcs-2.2.16-0.4.i386.rpm
6b2a24f7d677aa0739a5a113f0621f4f kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
60aa909b603afa5fd895fbd693463e50 kernel-smp-2.2.16-0.4.i386.rpm
e2a15e2ee9679f390908861513effd94 kernel-source-2.2.16-0.4.i386.rpm
9668cfd45fac0332c304a4e9f78dc4c9 kernel-utils-2.2.16-0.4.i386.rpm

3. b) Solution for TurboLinux Data Server

This section only applies if you use "TurboLinux Data Server with DB2" or "TurboLinux Data Server Optimized for Oracle 8i".

Update the packages from our ftp server by running the following command for each package:

rpm -Uvh --nodeps --Force ftp_path_to_filename

Where ftp_path_to_filename is one of the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-BOOT-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-doc-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-headers-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-ibcs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-smp-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-source-2.2.16-0.4.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-utils-2.2.16-0.4.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/TDS-kernel/kernel-2.2.16-0.4.src.rpm

**Note: You must rebuild and install the RPM if you choose to download and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE THE SECURITY HOLE.

Please verify the MD5 checksum of the update before you install:

MD5 sum Package Name


72b08a2760ef2f6ab7d1c3861bfb5d77 kernel-2.2.16-0.4.i386.rpm
872639a08f38b32f1879ad585b388624 kernel-2.2.16-0.4.src.rpm
6e9f553a05d85440d6405f539a0b0e25 kernel-BOOT-2.2.16-0.4.i386.rpm
eee26cc58861b1ebf8bf9cef5263aedf kernel-doc-2.2.16-0.4.i386.rpm
1f8f01f0b3e2d598ed1569ce99a25b75 kernel-headers-2.2.16-0.4.i386.rpm
a5fd0f5f1dcc175b324606dd26162238 kernel-ibcs-2.2.16-0.4.i386.rpm
a9957820afeb81274d6a15d2411213b6 kernel-pcmcia-cs-2.2.16-0.4.i386.rpm
a03c1aee79c2c7a9a8e92abd7df5ea08 kernel-smp-2.2.16-0.4.i386.rpm
8a669d467d515ad88f8710a13fd97ccb kernel-source-2.2.16-0.4.i386.rpm
138719960abc9eb52925f1507816cadf kernel-utils-2.2.16-0.4.i386.rpm

These packages are GPG signed by Turbolinux for security. Our key is available here:

http://www.turbolinux.com/security/tlgpgkey.asc

To verify a package, use the following command:

rpm --checksig name_of_rpm

To examine only the md5sum, use the following command:

rpm --checksig --nogpg name_of_rpm

**Note: Checking GPG keys requires RPM 3.0 or higher.


You can find more updates on our ftp server:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation and Server security updates
ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation and Server security updates

Our webpage for security announcements:

http://www.turbolinux.com/security

If you want to report vulnerabilities, please contact:

rt-security@turbolinux.com