Progeny Security Advisory: execve()/ptrace() exploit in Linux kernels prior to 2.2.19
Apr 11, 2001, 12:01
From: Progeny Security Team <firstname.lastname@example.org>
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-01A
Topic: execve()/ptrace() exploit in Linux kernels prior to 2.2.19
Category: kernel
Module: kernel-image-2.2.*
Announced: 2001-04-10
Credits: Wojciech Purczynski <email@example.com>
         BUGTRAQ <BUGTRAQ@securityfocus.com>
         Solar Designer <firstname.lastname@example.org>
Affects: Progeny Debian (Linux kernels prior to 2.2.19)
         Debian GNU/Linux (Linux kernels prior to 2.2.19)
Vendor-Status: New Version Released (kernel 2.2.19)
Corrected: 2001-04-02
Progeny Only: NO
$Id: PROGENY-SA-2001-01,v 1.13 2001/04/10 23:19:36 laz Exp $
This is an update to advisory PROGENY-SA-2001-01. The sources.list line specified in Step 1 of the "UPDATING VIA APT-GET" section in the previous advisory was incorrect. This advisory fixes the error.
Linux kernels before 2.2.19 are vulnerable to a local root exploit.
This vulnerability exploits a race condition in the 2.2.x Linux kernel within the execve() system call.
By predicting the child-process sleep() within execve(), an attacker can use ptrace() or similar mechanisms to subvert control of the child process. If the child process is setuid, the attacker can cause the child process to execute arbitrary code at an elevated privilege.
There are also other known lesser security issues with Linux kernels prior to 2.2.19 which have been noted as fixed in the solution listed below. Details can be found in the Security Updates section at:
Local users can use available exploits to gain root privileges.
Upgrade to Linux kernel 2.2.19. You may use Progeny's kernel-image-2.2.19 package, version 1.81, for convenience.
No known workaround exists for this vulnerability.
UPDATING VIA APT-GET
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
# apt-get update
3. Using apt(8), install the new kernel package. apt(8) will download the update, verify its integrity with md5, and then install the package on your system with dpkg(8).
# apt-get install kernel-image-2.2.19
4. Since this update installs a new kernel, the security fixes cannot take effect until you reboot the system. When convenient, restart your system to start using the new kernel.
# shutdown -r now
UPDATING VIA DPKG
Filename MD5 Checksum
# wget http://archive.progeny.com/progeny/updates/newton/kernel-image-2.2.19_1.81_i386.deb
2. Use the md5sum command on the retrieved file to verify that it matches the md5sum provided in this advisory:
# md5sum kernel-image-2.2.19_1.81_i386.deb
3. Then install the replacement package(s) using the dpkg command.
# dpkg --install kernel-image-2.2.19_1.81_i386.deb
4. Since this update installs a new kernel, the security fixes cannot take effect until you reboot the system. When convenient, restart your system to start using the new kernel.
# shutdown -r now
Linux kernels 2.4.0 and later are not affected by this problem.
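A check of a kernel release string against the version ranges stated in this advisory, as an added example that is not part of the original advisory or Progeny's tooling. The function name and result labels are hypothetical; treating 2.2.19 pre-releases as vulnerable and 2.3.x as unknown are assumptions, since the advisory does not cover them.

```sh
#!/bin/sh
# Added example: classify a kernel release string against the ranges
# stated in the advisory. Not Progeny's code.
#   vulnerable    prior to 2.2.19 (advisory wording)
#   fixed         2.2.19 or a later 2.2.x release
#   not-affected  2.4.0 and later
#   unknown       unparsable, or 2.3.x (the advisory does not mention it)
classify_kernel() {
    rel=$1
    # Extract the leading "major.minor.patch"; ignore suffixes like "-custom".
    nums=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2 \3/p')
    [ -n "$nums" ] || { echo unknown; return 0; }
    set -- $nums
    major=$1; minor=$2; patch=$3

    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }; then
        echo not-affected
    elif [ "$major" -eq 2 ] && [ "$minor" -eq 3 ]; then
        echo unknown
    elif [ "$major" -lt 2 ] || [ "$minor" -lt 2 ] || [ "$patch" -lt 19 ]; then
        echo vulnerable
    else
        # 2.2.x with patch >= 19. Assumption: a "pre" build of 2.2.19
        # predates the release and is treated as still vulnerable.
        case $rel in
            2.2.19pre*|2.2.19-pre*) echo vulnerable ;;
            *) echo fixed ;;
        esac
    fi
}

# Classify the release given as an argument, or the running kernel.
classify_kernel "${1:-$(uname -r)}"
```

Because the fix only takes effect after the reboot in step 4, run the check again after restarting to confirm the running kernel, not just the installed package, is 2.2.19.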
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <email@example.com>