[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 82/04 -Debian Security Briefings



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 82/04 dated 25.02.04  Time: 10:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Debian Security Briefings:

1. DSA 439-1 - New Linux 2.4.16 packages fix several local root exploits (arm)

2. DSA 440-1 - New Linux 2.4.17 packages fix several local root exploits (powerpc/apus)

3. DSA 441-1 - New Linux 2.4.17 packages fix local root exploit (mips+mipsel)


Detail
====== 

1. Several local root exploits have been discovered recently in the Linux kernel. 
   This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. 

2. Several local root exploits have been discovered recently in the Linux kernel.  
   This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. 

3. Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security
   vulnerability in the memory management code of Linux inside the mremap(2) system 
   call.  Due to missing function return value check of internal functions a local 
   attacker can gain root privileges.




1.          ESB-2004.0135 -- Debian Security Advisory DSA 439-1
      New Linux 2.4.16 packages fix several local root exploits (arm)
                             20 February 2004


Product:                kernel
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0 alias woody
                        Linux
Platform:               ARM
Impact:                 Root Compromise
Access Required:        Existing Account
CVE Names:              CAN-2003-0961 CAN-2003-0985 CAN-2004-0077

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 439-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
February 18th, 2004                     http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : kernel-image-2.4.16-lart, kernel-image-2.4.16-netwinder,  kernel-image-2.4.16-riscpc, kernel-patch-2.4.16-arm
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2003-0961 CAN-2003-0985 CAN-2004-0077

Several local root exploits have been discovered recently in the Linux kernel.  This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux.  The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

CAN-2003-0961:

   An integer overflow in brk() system call (do_brk() function) for
   Linux allows a local attacker to gain root privileges.  Fixed
   upstream in Linux 2.4.23.

CAN-2003-0985:

   Paul Starzetz discovered a flaw in bounds checking in mremap() in
   the Linux kernel (present in version 2.4.x and 2.6.x) which may
   allow a local attacker to gain root privileges.  Version 2.2 is not
   affected by this bug.  Fixed upstream in Linux 2.4.24.

CAN-2004-0077:

   Paul Starzetz and Wojciech Purczynski of isec.pl discovered a
   critical security vulnerability in the memory management code of
   Linux inside the mremap(2) system call.  Due to missing function
   return value check of internal functions a local attacker can gain
   root privileges.  Fixed upstream in Linux 2.4.25 and 2.6.3.

For the stable distribution (woody) this problem has been fixed in version 2.4.26/20040204 of lart, netwinder and riscpc image and in version 20040204 of kernel-patch-2.4.16-arm.

Other architectures will probably mentioned in a separate advisory or are not affected (m68k).

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your Linux kernel packages immediately.


Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204.dsc
      Size/MD5 checksum:      562 7bd0b443e490132da8f26188ca560f75
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204.tar.gz
      Size/MD5 checksum:   579045 853b5f05e03217dfb47f28cf852dca4c

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204.dsc
      Size/MD5 checksum:      586 e2cb96946739cfffd4327ae1e218a982
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204.tar.gz
      Size/MD5 checksum:    16443 9b5b8c8311cc6ba23abc2e121882281a

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204.dsc
      Size/MD5 checksum:      624 d2258e373574684da142a45ecfc4312f
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204.tar.gz
      Size/MD5 checksum:    21783 fc07fb8db829045ef9a8ee6881e1af48

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204.dsc
      Size/MD5 checksum:      592 f2252946f185d1c52796a68a1d442cb0
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204.tar.gz
      Size/MD5 checksum:    19104 144bfd5b87a5daccf879049334b24bcd

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204_all.deb
      Size/MD5 checksum:   583148 6a4951879008cc3d882d6a30112d0cbc

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204_arm.deb
      Size/MD5 checksum:   717092 eb20d52fed79cfe95981f1838bc38e0c

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040204_arm.deb
      Size/MD5 checksum:  3421140 3e0dfbdcb48437ab733d43c92deb0157
    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204_arm.deb
      Size/MD5 checksum:  6671136 72f1f771e847c593e83179b6dbda4074

    http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204_arm.deb
      Size/MD5 checksum:  2910348 c4fab31d10a137738aeb722eb7358488


  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAM24FW5ql+IAeqTIRAnfGAKCL/DNBX0AbM1Z3FQAgydBWG277ogCeInX7
n/gIgC3CKmo3hymySIFKXS4=
=H3CA
- - -----END PGP SIGNATURE-----







2.          ESB-2004.0136 -- Debian Security Advisory DSA 440-1 
 New Linux 2.4.17 packages fix several local root exploits (powerpc/apus)
                             20 February 2004


Product:                kernel
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0 alias woody
                        Linux
Platform:               PowerPC
Impact:                 Root Compromise
Access Required:        Existing Account
CVE Names:              CAN-2003-0961 CAN-2003-0985 CAN-2004-0077

Ref:                    ESB-2004.0092

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 440-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
February 18th, 2004                     http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : kernel-source-2.4.17, kernel-patch-2.4.17-apus
Vulnerability  : several vulnerabilities
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2003-0961 CAN-2003-0985 CAN-2004-0077

Several local root exploits have been discovered recently in the Linux kernel.  This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux.  The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

CAN-2003-0961:

   An integer overflow in brk() system call (do_brk() function) for
   Linux allows a local attacker to gain root privileges.  Fixed
   upstream in Linux 2.4.23.

CAN-2003-0985:

   Paul Starzetz discovered a flaw in bounds checking in mremap() in
   the Linux kernel (present in version 2.4.x and 2.6.x) which may
   allow a local attacker to gain root privileges.  Version 2.2 is not
   affected by this bug.  Fixed upstream in Linux 2.4.24.

CAN-2004-0077:

   Paul Starzetz and Wojciech Purczynski of isec.pl discovered a
   critical security vulnerability in the memory management code of
   Linux inside the mremap(2) system call.  Due to missing function
   return value check of internal functions a local attacker can gain
   root privileges.  Fixed upstream in Linux 2.4.25 and 2.6.3.

For the stable distribution (woody) these problems have been fixed in version 2.4.17-4 of powerpc/apus images.

Other architectures will probably mentioned in a separate advisory or are not affected (m68k).

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your Linux kernel packages immediately.


Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2.dsc
      Size/MD5 checksum:      690 f4f41d8b5ce68462139eadff5e340b2f
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2.diff.gz
      Size/MD5 checksum:    38791 17b8f97671d0f1be7c595123bcf0c86c
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
      Size/MD5 checksum: 29445154 d5de2a4dc49e32c37e557ef856d5d132

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4.dsc
      Size/MD5 checksum:      667 beff21e365dba9487c3d1009e6bb8ce7
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4.tar.gz
      Size/MD5 checksum:   489649 3feef2fdda2cb1385e12fb18b33c3787

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody2_all.deb
      Size/MD5 checksum:  1719904 4299b7aeebc01ede7eb5a2f2f5ba0b45
    http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2_all.deb
      Size/MD5 checksum: 23878388 15202df8a94f2aa17f09382f520021fc

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-4_powerpc.deb
      Size/MD5 checksum:  3365696 0f03db43dd1c83a6c02cbd474ae54685
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-4_powerpc.deb
      Size/MD5 checksum:  2210948 1f12b255f6644f144e3426fa5865b27e
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-4_powerpc.deb
      Size/MD5 checksum:     4078 6a495ea4088b900129c60dd769f7da8d
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4_powerpc.deb
      Size/MD5 checksum:   490346 41eebb692f46cfcb118818048de6d6ad


  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAM3DlW5ql+IAeqTIRAqpmAJ4n6NdLtH1qfxsUT+nf41cmUCelegCdGkEV
HytLLKoXe2SHa9h5reVs61I=
=C8hr
- - -----END PGP SIGNATURE-----





3. 
            ESB-2004.0137 -- Debian Security Advisory DSA 441-1
      New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
                             20 February 2004


Product:                kernel
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0 alias woody
Platform:               MIPS
Impact:                 Root Compromise
Access Required:        Existing Account
CVE Names:              CAN-2004-0077

Ref:                    ESB-2004.0092

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 441-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
February 18th, 2004                     http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : kernel-patch-2.4.17-mips
Vulnerability  : missing function return value check
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0077

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call.  Due to missing function return value check of internal functions a local attacker can gain root privileges.

For the stable distribution (woody) this problem has been fixed in version 2.4.17-0.020226.2.woody5 for mips and mipsel kernel images.

Other architectures will probably mentioned in a separate advisory or are not affected (m68k).

For the unstable distribution (sid) this problem will be fixed soon with the next upload of a 2.4.19 kernel image and in version 2.4.22-0.030928.3 for 2.4.22 for the mips and mipsel architectures.

This problem is also fixed in the upstream version of Linux 2.4.25 and 2.6.3.

We recommend that you upgrade your Linux kernel packages immediately.


Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5.dsc
      Size/MD5 checksum:      786 b96d0f387a948cf64a07e6d6c5102b30
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5.tar.gz      Size/MD5 checksum:  1138658 dc1df0219c33c0de14ffd22ea8585ad5

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5_all.deb
      Size/MD5 checksum:  1138888 ba735096447ec98541c3d35838348e95

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody5_mips.deb
      Size/MD5 checksum:  3475886 0e2394ed3cee2a7dafa2d75a7a2042e6
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody5_mips.deb
      Size/MD5 checksum:  2042458 1585029d1c0b32ce770a29d74b3720f8
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody5_mips.deb
      Size/MD5 checksum:  2042414 83894b6f444b63c57a34051be23f8e04

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody5_mipsel.deb
      Size/MD5 checksum:  3474568 099f3c8bc36668123c2414aa861805c0
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody5_mipsel.deb
      Size/MD5 checksum:  2197826 defe3a975447f16b14f5d52b61991458
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody5_mipsel.deb
      Size/MD5 checksum:  2193704 89fc943ed1530fd0da6ca7a0303acb93
    http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody5_mipsel.deb
      Size/MD5 checksum:    15114 65e08c5c4f432a537641b6b3a76a3c42


  These files will probably be moved into the stable distribution on
  its next revision.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAM4TyW5ql+IAeqTIRAjFfAKCcLvFs46ANIjAfNGN1g1lYCizZ2ACeJMl8
NKniEaKX2hBjRHeZ+0LS0Ro=
=7KpS


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQDx7Popao72zK539AQEooQQAjmgsj8BuhtkA2gnR+bvG5V4AjRwQuRDQ
/peBD96nyUbN7QY1kY1p48W8ga2pqZvkkR7QtpVSQ3Ll0Bj50Bz6x3CtvG+eh3m5
DYEvgGYvFL7f4p7mgCyOyw8Zn03zaWT9GUw7CZCsT0Oy4X1oHB7hDOSXDZMNAKrF
we5vDz5lVjU=
=ETFQ
-----END PGP SIGNATURE-----