Linux Security
    Linux Security
    Linux Security

    Debian: kernel Privilege escalation vulnerability DSA-438-1

    Date 18 Feb 2004
    3672
    Posted By LinuxSecurity Advisories
    Due to missing function return value check of internal functions a local attacker can gain root privileges.
    
    Debian Security Advisory DSA 438-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                             Martin Schulze
    February 18th, 2004                      https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : kernel-source-2.4.18, kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-image-2.4.18-i386bf, kernel-patch-2.4.18-powerpc
    Vulnerability  : missing function return value check
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0077
    
    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical
    security vulnerability in the memory management code of Linux inside
    the mremap(2) system call.  Due to missing function return value check
    of internal functions a local attacker can gain root privileges.
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.4.18-14.2 of kernel-source, version 2.4.18-14 of alpha
    images, version 2.4.18-12.2 of i386 images, version 2.4.18-5woody7
    of i386bf images and version 2.4.18-1woody4 of powerpc images.
    
    Other architectures will probably mentioned in a separate advisory or
    are not affected (m68k).
    
    For the unstable distribution (sid) this problem is fixed in version
    2.4.24-3 for source, i386 and alpha images and version 2.4.22-10 for
    powerpc images.
    
    This problem is also fixed in the upstream version of Linux 2.4.25 and
    2.6.3.
    
    We recommend that you upgrade your Linux kernel packages immediately.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.dsc
          Size/MD5 checksum:      664 38e578dda3dd54a5daa6b8badcac1a58
         https://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.diff.gz
          Size/MD5 checksum:    67490 e1ef6246f639481dfd8b3c5b15d8668e
         https://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
          Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.dsc
          Size/MD5 checksum:      876 7774c946590a5a80332ca920f67cc8ec
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.tar.gz
          Size/MD5 checksum:    24477 b9c0ba46774c2da3be69851110d6f2f9
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.dsc
          Size/MD5 checksum:     1193 b44a4e8f803bb2214bd0c4c3e9f88d81
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.tar.gz
          Size/MD5 checksum:    70044 f4caad005d02a1c7cadfa73bfc4952fb
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.dsc
          Size/MD5 checksum:      656 e091295663f495df0ea8273703decef0
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.tar.gz
          Size/MD5 checksum:    26249 f84d855e356c1f5290f6fe96d9e039c8
    
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.dsc
          Size/MD5 checksum:      713 7f68980058d55c40a037c6666354ffe9
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.tar.gz
          Size/MD5 checksum:    79541 bff712e95a6960659a0e96dab9732ed4
    
      Architecture independent components:
    
         https://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.2_all.deb
          Size/MD5 checksum:  1719692 32cb6638a9be7e7f7332152c04854bba
         https://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2_all.deb
          Size/MD5 checksum: 24133918 306f15a8a6279221394b6a8ac2c5a69c
    
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4_all.deb
          Size/MD5 checksum:    79274 8ea5d169fd45e464c1213e729e4e5368
    
      Alpha architecture:
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-14_alpha.deb
          Size/MD5 checksum:  3363042 9ee4da919ccec99281efdaaae303af73
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-14_alpha.deb
          Size/MD5 checksum:  3512422 47b306297211fd7079abb918bb10ef37
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-14_alpha.deb
          Size/MD5 checksum:  3515048 d0153184a825640d1fe64b905ab98de4
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-14_alpha.deb
          Size/MD5 checksum: 12425644 aa320665938f55d33bfc8a9593e4639f
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-14_alpha.deb
          Size/MD5 checksum: 12800414 2901b9a0ff3cabfbb4249ee2cbb94b43
    
      Intel IA-32 architecture:
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3412982 cad64cfd789bfa49fe5463a3b4a8a5bd
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3503440 02c707f32c72f98df9002c04006aae6b
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3504340 bd5e69e90ab3be3378f588abbfe23c79
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3504232 6ab9026a1484be3aaf7fa08217ae9c5c
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3505300 2ffc58a24a13bf0991be5b982026b6c5
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3504034 a448bb692b10914a3a7f7f1d9b16be96
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  3504256 349318073fbd9b6f3eae2b7bc5d65b54
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8797608 df96f2969970f149992e74cfd7838919
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8704208 b29d3a133a3d5485645a1428045481f2
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8703628 fdf8ddc2c2fdc0c5ceffb9f34b8dc00f
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8959706 da0efa81b152f5ce0e949ba00a58b1f0
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8660826 78ee935b25e3cb8e1d6affc13e78aa35
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12.2_i386.deb
          Size/MD5 checksum:  8863038 8b0605e449390dfd819e5543c79fe0e3
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12.2_i386.deb
          Size/MD5 checksum:   228532 83d533868f288d4bd7866cf4b3114321
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
          Size/MD5 checksum:   228084 dca93798c731513d7f8908c591fc4992
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12.2_i386.deb
          Size/MD5 checksum:   227546 99c579382f1c93af23cdedb9dfdce997
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
          Size/MD5 checksum:   231188 cae74563956d0a8757994959b101e5c0
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12.2_i386.deb      Size/MD5 checksum:   227180 eb3383f20e4123b964a6143fae4be03b
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12.2_i386.deb      Size/MD5 checksum:   230440 e4875246851ee5dd470bf61af43e2ef6
    
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody7_i386.deb
          Size/MD5 checksum:  3410436 8238f8f8d03b19071ca774e611c83cd5
         https://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody7_i386.deb
          Size/MD5 checksum:  6425110 e7e25ace06cd1edbb6967c3cae155e09
    
      PowerPC architecture:
    
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody4_powerpc.deb
          Size/MD5 checksum:  3432656 4116a684a091bbc46a94fcafc03ba50a
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody4_powerpc.deb
          Size/MD5 checksum:  9452588 ca305391d3dfe3aa0ab140a047d67df2
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody4_powerpc.deb
          Size/MD5 checksum: 10101958 d427f943297e02355545d7fa1a2ab263
         https://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody4_powerpc.deb
          Size/MD5 checksum: 10345492 4d6e160cb19df083c4d238f8ff1e4913
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  https://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  https://packages.debian.org/
    
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"13","type":"x","order":"1","pct":4.02,"resources":[]},{"id":"159","title":"False","votes":"310","type":"x","order":"2","pct":95.98,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    You have already voted for this poll.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.