[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernels patched?

Subject: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernels patched?
From: ProServe - Peter Batenburg <peter@xxxxxxxxxxx>
Date: Thu, 18 Oct 2001 19:37:11 +0200 (CEST)
Organization: ProServe (http://www.proserve.nl)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hia,

I found this just minutes ago on the openwall
(http://www.openwall.com/linux/) website:
October 18, 2001
Linux 2.2.19-ow3 fixes two Linux kernel vulnerabilities discovered by
Rafal Wojtczuk. Please refer to the Owl changelog for information on the
vulnerabilities and how they affect Owl. Of the two newly discovered
vulnerabilities, Linux 2.0.39-ow3 is only affected by the DoS.

And on http://www.openwall.com/Owl/CHANGES.shtml:
2001/10/18	kernel
SECURITY FIX	Severity: low to high, local, active

A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now
available. It contains fixes for two Linux kernel vulnerabilities
discovered by Rafal Wojtczuk <nergal at owl.openwall.com> and is strongly
recommended for use with Owl. One of the vulnerabilities affected
SUID/SGID execution by processes being traced with ptrace(2). It was
possible to trick the kernel into recognizing an unsuspecting SUID root
program as the (privileged) tracer process. Then, if that program would
execute a program supplied by the malicious user (with the user's
credentials), the user's program would inherit the ability to trace.
Fortunately, there's no program that would meet all of the requirements
for this attack in the default Owl install. However, certain supported
non-default configurations of Owl are affected. In particular, if
newgrp(1) is made available to untrusted users (which is a supported
owl-control setting) or certain third-party software which contains SUID
root binaries is installed, the vulnerability may become exploitable and
result in a local root compromise. The other vulnerability allowed for an
effective local DoS attack by causing the kernel to spend an almost
arbitrary amount of time on dereferencing a single symlink, without giving
a chance for processes to run.

Seems like another bug in the 2.2.19 kernel (not only with ow running).
Could Sun/Cobalt people please look in to this and see if this is a
problem?

Met vriendelijke groet/With kind regards,

Peter Batenburg

ProServe B.V.
Prisma 100
3364 DJ Sliedrecht
Tel.: 0184 - 423 815
Fax: 0184 - 417 160
http://www.proserve.nl

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender by replying the email and please remove
the files from your computer.

This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************

Follow-Ups:
- Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernels patched?
  - From: Jeff Lovell

Prev by Date: Re: [cobalt-security] Security violations - SPAM
Next by Date: Re: [cobalt-security] Security violations - SPAM
Previous by thread: [cobalt-security] How to check for Security Intrusions ?
Next by thread: Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernels patched?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index