dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Caldera Systems Security Advisory: security problems in ptrace and sysctl

Feb 08, 2001, 22:13 (1 Talkback[s])

Date: Thu, 8 Feb 2001 12:30:43 -0700
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Advisory: security problems in ptrace and sysctl CSSA-2001-009.0


                   Caldera Systems, Inc.  Security Advisory

Subject:                security problems in ptrace and sysctl
Advisory number:        CSSA-2001-009.0
Issue date:             2001 February, 08
Cross reference:

1. Problem Description

There are two security problems in 2.2 and 2.4 kernels.

By passing a negative offset to sysctl(), an attacker can read large parts of Linux kernel memory.

In addition, a race condition has been discovered that allows an attacker to attach via ptrace to a setuid process, allowing him to modify the running process.

2. Vulnerable Versions

   System                       Package

   OpenLinux 2.3                All packages previous to
                                linux-2.2.10-11

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder       linux-2.2.14-10S

   OpenLinux eDesktop 2.4       All packages previous to
                                linux-2.2.14-6
3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

8a0ef1cedca96379e5a1d1edb9c125ad RPMS/linux-kernel-binary-2.2.10-11.i386.rpm
f07baace0c59d53e224771ed08ebf997 RPMS/linux-kernel-doc-2.2.10-11.i386.rpm
32bcd0c87ea21059849f9a2d19f24b96 RPMS/linux-kernel-include-2.2.10-11.i386.rpm
6d8bf49f14207588b700c85534962f1d RPMS/linux-source-alpha-2.2.10-11.i386.rpm
05e01990ade901cabc13835fbdbb408d RPMS/linux-source-arm-2.2.10-11.i386.rpm
0fca33e2c7ba92a6d1bd07800b83a08c RPMS/linux-source-common-2.2.10-11.i386.rpm
0d779697b36fbad15c66fa5fb050982c RPMS/linux-source-i386-2.2.10-11.i386.rpm
548b09b70a84f25a7ce1b89e3a08dd52 RPMS/linux-source-m68k-2.2.10-11.i386.rpm
047d2b9fa3bba181a4cfa24938eb6992 RPMS/linux-source-mips-2.2.10-11.i386.rpm
f565161051887da728af6a5c9498fd72 RPMS/linux-source-ppc-2.2.10-11.i386.rpm
d054d7d142f3934dad724764c10c2366 RPMS/linux-source-sparc-2.2.10-11.i386.rpm
530cd4780c4a2985f7622a6f5d3b0e2d RPMS/linux-source-sparc64-2.2.10-11.i386.rpm
65294d6f7aa24446d29b8ad0a3e8110e RPMS/pcmcia-cs-3.0.14-2.i386.rpm
355b3b900f6991ae0952c820af0c47c6 SRPMS/linux-2.2.10-11.src.rpm
9cdf867c2e9ce4f30ee7c6075dfe44a3 SRPMS/pcmcia-cs-3.0.14-2.src.rpm
4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

          modprobe loop
          rpm -Fhv linux-*.i386.rpm pcmcia-*i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

9f0c065aa14dea81aa3328cf5714d52b RPMS/iBCS-2.1-5.i386.rpm
96ba2899df9086fc0f805844fedeff8d RPMS/iBCS-extras-2.1-5.i386.rpm
e1e8480264cdbb766b0ce72fdbd48210 RPMS/linux-kernel-binary-2.2.14-10S.i386.rpm
1ee722df6359d24b7e585aacb8551fd9 RPMS/linux-kernel-doc-2.2.14-10S.i386.rpm
c9645f600529def2cdebf44f6df5570c RPMS/linux-kernel-include-2.2.14-10S.i386.rpm
8eeed84077d1c91055f39751481ab241 RPMS/linux-source-alpha-2.2.14-10S.i386.rpm
d73db690f13f3aeb73d1c9f6d39fc041 RPMS/linux-source-arm-2.2.14-10S.i386.rpm
936b50d5e54a2bc0065d1027cdda9283 RPMS/linux-source-common-2.2.14-10S.i386.rpm
b2c92124ddda525c79c6eb25999577cd RPMS/linux-source-i386-2.2.14-10S.i386.rpm
072afe6e635c6db3d3cfc6150d711eb0 RPMS/linux-source-m68k-2.2.14-10S.i386.rpm
2591caa8b746764296920a56af41e176 RPMS/linux-source-mips-2.2.14-10S.i386.rpm
e08c380c2f28ad8518921d70e34febff RPMS/linux-source-ppc-2.2.14-10S.i386.rpm
33337a54e9e4a5b314755d2a510a7e32 RPMS/linux-source-sparc-2.2.14-10S.i386.rpm
c1eec98091fd9740bf7bfc6532e50820 RPMS/linux-source-sparc64-2.2.14-10S.i386.rpm
40019cca864690f2c38352a093f364c8 RPMS/pcmcia-cs-3.1.4-2.i386.rpm
14565258531852898ff0be9b5825dd7d SRPMS/iBCS-2.1-5.src.rpm
e5497fff424aa61632b022a07bc85912 SRPMS/linux-2.2.14-10S.src.rpm
5b92f68f680345805e1c77fd44d89a2a SRPMS/pcmcia-cs-3.1.4-2.src.rpm
5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

          modprobe loop
          rpm -Fvh linux-*i386.rpm pcmcia*i386.rpm iBCS*i386.rpm
6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

67c7df7f573a831c5c46a643f7930499 RPMS/hwprobe-20000214-3.i386.rpm
ee79eb927480213cf57df6550086c432 RPMS/iBCS-2.1-9.i386.rpm
3f958c65965f370b500e9fbefbd0ce55 RPMS/iBCS-extras-2.1-9.i386.rpm
ff437f5400a7b7e301c233d0ff3a2320 RPMS/iBCS-module-2.1_2.2.14-9.i386.rpm
a339adde345ce87c95b27e553b597bc4 RPMS/linux-kernel-binary-2.2.14-6.i386.rpm
686725eb5aa1854b6e805bf0d1697995 RPMS/linux-kernel-doc-2.2.14-6.i386.rpm
a2b361bea7d2f7a0d56b9e2465d91fa6 RPMS/linux-kernel-include-2.2.14-6.i386.rpm
de2a84e9016fafe1df142e6587a2af73 RPMS/linux-source-alpha-2.2.14-6.i386.rpm
af53b5b1bc47489374fd690002345ea7 RPMS/linux-source-arm-2.2.14-6.i386.rpm
58d12902baae6f3baa693d14a760cbc3 RPMS/linux-source-common-2.2.14-6.i386.rpm
fbf9fbd017e612d1710170f3d7118c7f RPMS/linux-source-i386-2.2.14-6.i386.rpm
cad18295f0df7ca1eba19cf97384aeb6 RPMS/linux-source-m68k-2.2.14-6.i386.rpm
75942d127d7ef9b98c956e7cb4abac6b RPMS/linux-source-mips-2.2.14-6.i386.rpm
5c94b82aae50f4925d3a64ef9aae6412 RPMS/linux-source-ppc-2.2.14-6.i386.rpm
84eb1eff37fabd7d0f4df5ae025c0fd3 RPMS/linux-source-sparc-2.2.14-6.i386.rpm
1624e4bb66a6be2a1982809bf0f25e60 RPMS/linux-source-sparc64-2.2.14-6.i386.rpm
e34a47ff00e045d7aaa0c321e9444b33 RPMS/pcmcia-cs-3.1.8-2.i386.rpm
64bb4f963b374c2ae0be9b7cefc458da SRPMS/hwprobe-20000214-3.src.rpm
0c0a223b294aa311d9f9b3eecd57f2b3 SRPMS/iBCS-2.1-9.src.rpm
b7d59154a2ec54334b0d26f693336094 SRPMS/linux-2.2.14-6.src.rpm
141b5dcf89bc6976c5e8a7c15cd27e58 SRPMS/pcmcia-cs-3.1.8-2.src.rpm
6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

       modprobe loop
       rpm -Fvh linux-*i386.rpm pcmcia*i386.rpm iBCS*i386.rpm hwprobe*i386.rpm
7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 9042.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

Caldera, Inc. wishes to thank Chris Evans, Solar Designer and Alan Cox for finding the bugs and their assistance in getting them fixed.