dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Progeny Security Advisory: execve()/ptrace() exploit in Linux kernels prior to 2.2.19

Apr 09, 2001, 23:05 (1 Talkback[s])
Date:         Mon, 9 Apr 2001 06:31:22 -0500
Reply-To: Progeny Security Team <security@PROGENY.COM>
From: Progeny Security Team <security@PROGENY.COM>
Subject:      PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
              prior to 2.2.19

 PROGENY LINUX SYSTEMS -- SECURITY ADVISORY               PROGENY-SA-2001-01
 ---------------------------------------------------------------------------

    Topic:          execve()/ptrace() exploit in Linux kernels prior to
                    2.2.19

    Category:       kernel
    Module:         kernel-image-2.2.*
    Announced:      2001-04-04
    Credits:        Wojciech Purczynski  <wp@elzabsoft.pl>
                    BUGTRAQ <BUGTRAQ@securityfocus.com>
                    Solar Designer <solar@openwall.com>
    Affects:        Progeny Debian (Linux kernels prior to 2.2.19)
                    Debian GNU/Linux (Linux kernels prior to 2.2.19)
    Vendor-Status:  New Version Released (kernel 2.2.19)
    Corrected:      2001-04-02
    Progeny Only:   NO

    $Id: PROGENY-SA-2001-01,v 1.8 2001/04/09 08:38:10 csg Exp $

 ---------------------------------------------------------------------------


SYNOPSIS

Linux kernels before 2.2.19 are vulnerable to a local root exploit.


PROBLEM DESCRIPTION

This vulnerability exploits a race condition in the 2.2.x Linux kernel
within the execve() system call.

By predicting the child-process sleep() within execve(), an attacker
can use ptrace() or similar mechanisms to subvert control of the child
process.  If the child process is setuid, the attacker can cause the
child process to execute arbitrary code at an elevated privilege.

There are also other known lesser security issues with Linux kernels prior
to 2.2.19 which have been noted as fixed in the solution listed below.
Details can be found in the Security Updates section at:

    http://www.linux.org.uk/VERSION/relnotes.2219.html


IMPACT

Local users can use available exploits to gain root privileges.


SOLUTION

Upgrade to Linux kernel 2.2.19.  You may use Progeny's kernel-image-2.2.19
package, version 1.81, for convenience.


WORKAROUND

No known workaround exists for this vulnerability.


UPDATING VIA APT-GET

 1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
    update repository:

        deb http://archive.progeny.com/progeny/updates newton/

 2. Update your cache of available packages for apt(8).

    Example:

        # apt-get update

 3. Using apt(8), install the new kernel package.  apt(8) will download
    the update, verify it's integrity with md5, and then install the
    package on your system with dpkg(8).

    Example:

        # apt-get install kernel-image-2.2.19

 4. Since this update installs a new kernel, the security fixes cannot
    take effect until you reboot the system.  When convenient, restart
    your system to start using the new kernel.

    Example:

        # shutdown -r now


UPDATING VIA DPKG

 1. Using your preferred FTP/HTTP client to retrieve the following
    updated files from Progeny's update archive at:

    http://archive.progeny.com/progeny/updates/newton/

    Filename                             MD5 Checksum
    ------------------------------------ --------------------------------
    kernel-image-2.2.19_1.81_i386.deb    f72c383e22a064ec394cff50a84ab789

    Example:

        # wget http://archive.progeny.com/progeny/updates/newton/kernel-image-2.2.19_1.81_i386.deb

 2. Use the md5sum command on the retrieved file to verify that it matches
    the md5sum provided in this advisory:

    Example:

        # md5sum kernel-image-2.2.19_1.81_i386.deb

 3. Then install the replacement package(s) using the dpkg command.

    Example:

        # dpkg --install kernel-image-2.2.19_1.81_i386.deb

 4. Since this update installs a new kernel, the security fixes cannot
    take effect until you reboot the system.  When convenient, restart
    your system to start using the new kernel.

    Example:

        # shutdown -r now


MORE INFORMATION

Linux kernels 2.4.0 and later are not affected by this problem.

 ---------------------------------------------------------------------------


pub  1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>