Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2003-020.0] OpenLinux: kernel kmod/ptrace root exploit
From: security () sco com
Date: Mon, 12 May 2003 11:11:01 -0700

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: kernel kmod/ptrace root exploit
Advisory number:        CSSA-2003-020.0
Issue date:             2003 May 09
Cross reference:
______________________________________________________________________________


1. Problem Description

        The kernel module loader in the Linux kernel allows local users
        to gain root privileges by using ptrace to attach to a child
        process that is spawned by the kernel.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to linux-kernel-binary-2.4.13-21S.i386.rpm
                                        prior to linux-kernel-include-2.4.13-21S.i386.rpm
                                        prior to linux-source-UserMode-2.4.13-21S.i386.rpm
                                        prior to linux-source-alpha-2.4.13-21S.i386.rpm
                                        prior to linux-source-arm-2.4.13-21S.i386.rpm
                                        prior to linux-source-common-2.4.13-21S.i386.rpm
                                        prior to linux-source-cris-2.4.13-21S.i386.rpm
                                        prior to linux-source-i386-2.4.13-21S.i386.rpm
                                        prior to linux-source-ia64-2.4.13-21S.i386.rpm
                                        prior to linux-source-m68k-2.4.13-21S.i386.rpm
                                        prior to linux-source-mips-2.4.13-21S.i386.rpm
                                        prior to linux-source-parisc-2.4.13-21S.i386.rpm
                                        prior to linux-source-ppc-2.4.13-21S.i386.rpm
                                        prior to linux-source-s390-2.4.13-21S.i386.rpm
                                        prior to linux-source-sparc-2.4.13-21S.i386.rpm
                                        prior to linux-source-superH-2.4.13-21S.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to linux-kernel-binary-2.4.13-21D.i386.rpm
                                        prior to linux-kernel-include-2.4.13-21D.i386.rpm
                                        prior to linux-source-UserMode-2.4.13-21D.i386.rpm
                                        prior to linux-source-alpha-2.4.13-21D.i386.rpm
                                        prior to linux-source-arm-2.4.13-21D.i386.rpm
                                        prior to linux-source-common-2.4.13-21D.i386.rpm
                                        prior to linux-source-cris-2.4.13-21D.i386.rpm
                                        prior to linux-source-i386-2.4.13-21D.i386.rpm
                                        prior to linux-source-ia64-2.4.13-21D.i386.rpm
                                        prior to linux-source-m68k-2.4.13-21D.i386.rpm
                                        prior to linux-source-mips-2.4.13-21D.i386.rpm
                                        prior to linux-source-parisc-2.4.13-21D.i386.rpm
                                        prior to linux-source-ppc-2.4.13-21D.i386.rpm
                                        prior to linux-source-s390-2.4.13-21D.i386.rpm
                                        prior to linux-source-sparc-2.4.13-21D.i386.rpm
                                        prior to linux-source-superH-2.4.13-21D.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/RPMS

        4.2 Packages

        41748cdaf8d1809822b131c0c2c7b90a        linux-kernel-binary-2.4.13-21S.i386.rpm
        acaaf0982bd6ad7c945c3a463164b56c        linux-kernel-include-2.4.13-21S.i386.rpm
        588b015160d3c7e6ca649986de74d923        linux-source-UserMode-2.4.13-21S.i386.rpm
        f5dbb77015b314909a5242e58a3ac7b9        linux-source-alpha-2.4.13-21S.i386.rpm
        7f2472b4958d8b268d87525b29eefeaf        linux-source-arm-2.4.13-21S.i386.rpm
        80a201cbcb343a3ea565b045f882e1ce        linux-source-common-2.4.13-21S.i386.rpm
        dba74ba0f87828c6f82a98642986e271        linux-source-cris-2.4.13-21S.i386.rpm
        dd3048b40b323b96335efe17309fb5f3        linux-source-i386-2.4.13-21S.i386.rpm
        869c0409318d7a01264c7a7a42b8c51d        linux-source-ia64-2.4.13-21S.i386.rpm
        7341a22a39014c8a642a91c1cad50a29        linux-source-m68k-2.4.13-21S.i386.rpm
        e580fc559de6f8788112cce694e58784        linux-source-mips-2.4.13-21S.i386.rpm
        d2417933a143e47027d0bf00d7d4e96e        linux-source-parisc-2.4.13-21S.i386.rpm
        917579c9a6520dfb8791821d3e773181        linux-source-ppc-2.4.13-21S.i386.rpm
        d154580aea946574447b733e7ca09fcb        linux-source-s390-2.4.13-21S.i386.rpm
        247d115a3ecc81e93af2ae883dcf19ed        linux-source-sparc-2.4.13-21S.i386.rpm
        b5d1ecd0828b87d2a05b0d8044e29ab7        linux-source-superH-2.4.13-21S.i386.rpm

        4.3 Installation

        rpm -Fvh linux-kernel-binary-2.4.13-21S.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-21S.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-21S.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/SRPMS

        4.5 Source Packages

        ddc96e148b473b86b63927b489f55404        linux-2.4.13-21S.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/RPMS

        5.2 Packages

        bd5364e5bf524dbd080e2a734afb47e2        linux-kernel-binary-2.4.13-21D.i386.rpm
        c7eb0c054673c38181336556b5bc6d96        linux-kernel-include-2.4.13-21D.i386.rpm
        d8ccf3ed3e5e0851b1d398a5143d4cb9        linux-source-UserMode-2.4.13-21D.i386.rpm
        53b4dcb71df1b2390ced22b62deed9ea        linux-source-alpha-2.4.13-21D.i386.rpm
        0e2f96279a30492ffca3e521449a4771        linux-source-arm-2.4.13-21D.i386.rpm
        011bcb383ea9badb519435874173d529        linux-source-common-2.4.13-21D.i386.rpm
        876483cc7a9448f2a06e11d8337ad201        linux-source-cris-2.4.13-21D.i386.rpm
        d89779ea77adf5a8e9f2efb999ae7ce4        linux-source-i386-2.4.13-21D.i386.rpm
        49cf9327d4826ca35d22f84788249abd        linux-source-ia64-2.4.13-21D.i386.rpm
        61a0979d2280ac6ab999ffe64f3b5caf        linux-source-m68k-2.4.13-21D.i386.rpm
        eb3018d64118f872485ed2bc342e7203        linux-source-mips-2.4.13-21D.i386.rpm
        7b2b03d3864637b0635e7d57c2a72610        linux-source-parisc-2.4.13-21D.i386.rpm
        14148ea7fbcfa4e001919a2caf409384        linux-source-ppc-2.4.13-21D.i386.rpm
        e8336b89d29093a7d9e3e8d09d1e2b30        linux-source-s390-2.4.13-21D.i386.rpm
        00908c06084007713bbcc03aa1ee8233        linux-source-sparc-2.4.13-21D.i386.rpm
        4c45777444c8ca91249b757c3984582e        linux-source-superH-2.4.13-21D.i386.rpm

        5.3 Installation

        rpm -Fvh linux-kernel-binary-2.4.13-21D.i386.rpm
        rpm -Fvh linux-kernel-include-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-UserMode-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-alpha-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-arm-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-common-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-cris-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-i386-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-ia64-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-m68k-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-mips-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-parisc-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-ppc-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-s390-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-sparc-2.4.13-21D.i386.rpm
        rpm -Fvh linux-source-superH-2.4.13-21D.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/SRPMS

        5.5 Source Packages

        73cad7e5db287a962de14109fa126354        linux-2.4.13-21D.src.rpm


6. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr876055, fz527562,
        erg712269, sr876810, fz527692, erg712288.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        Andrzej Szombierski <qq () kuku eu org> discovered and researched
        this vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2003-020.0] OpenLinux: kernel kmod/ptrace root exploit security (May 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]