Debian: Kernel vulnerability in brk()

    Date01 Dec 2003
    CategoryDebian
    2586
    Posted ByLinuxSecurity Advisories
    Recently multiple servers of the Debian project were compromised using aDebian developers account and an unknown root exploit. Forensicsrevealed a burneye encrypted exploit. Robert van der Meulen managed todecrypt the binary which revealed a kernel exploit. Usingthis bug it is possible for a userland program to trick the kernel intogiving access to the full kernel address space.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-403-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    December  1, 2003
    - ------------------------------------------------------------------------
    
    
    Package        : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18
    Vulnerability  : userland can access full kernel memory 
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CAN-2003-0961
    
    Recently multiple servers of the Debian project were compromised using a
    Debian developers account and an unknown root exploit. Forensics
    revealed a burneye encrypted exploit. Robert van der Meulen managed to
    decrypt the binary which revealed a kernel exploit. Study of the exploit
    by the Red Hat and SuSE kernel and security teams quickly revealed that
    the exploit used an integer overflow in the brk system call. Using
    this bug it is possible for a userland program to trick the kernel into
    giving access to the full kernel address space. This problem was found
    in September by Andrew Morton, but unfortunately that was too late for
    the 2.4.22 kernel release.
    
    This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
    2.6.0-test6 kernel tree. For Debian it has been fixed in version
    2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
    kernel images and version 2.4.18-11 of the alpha kernel images.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 3.0 (stable)
    - -------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.tar.gz
          Size/MD5 checksum:    69746 a4b642e03732748d6820524746ba2265
         http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
          Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.dsc
          Size/MD5 checksum:      874 6fe1a9a759850570f1609b77502c13bc
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.tar.gz
          Size/MD5 checksum:    24210 11373e2cf7e659f5a69c33f3f143fcaf
         http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.dsc
          Size/MD5 checksum:      798 14840782d3ae928fd453a7dba225bb7f
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.dsc
          Size/MD5 checksum:     1325 a77acb0743f3d3a16c00fa1cd4520e89
         http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.diff.gz
          Size/MD5 checksum:    66878 916d16dd46c59dd4314c45e48f33f043
    
      Architecture independent packages:
    
         http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14_all.deb
          Size/MD5 checksum:  1710438 5e6cb496150391a93558652c97fb214b
         http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb
          Size/MD5 checksum: 23903282 9d5cb5159bf76451dd32e75467ca6240
    
      alpha architecture (DEC Alpha)
    
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-11_alpha.deb
          Size/MD5 checksum:  3514858 ec88046377537587469e5527f3633c65
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-11_alpha.deb
          Size/MD5 checksum:  3362836 f91eb5ef18c3413ae200c5b1679264cc
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-11_alpha.deb
          Size/MD5 checksum:  3512244 a46de1359655b3a05c99cd8211edd41f
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb
          Size/MD5 checksum: 12799424 966ecceeb16c5bf87cc31b9178d6add9
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb
          Size/MD5 checksum: 12425696 27b4defd9326ed5bac3a765977437354
    
      i386 architecture (Intel ia32)
    
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb
          Size/MD5 checksum:  8863312 17a9c0323f06ed3eda1d17bdaf443d50
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12_i386.deb
          Size/MD5 checksum:   230194 9e347c03ffaf24762ec8ad86f3c3c482
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12_i386.deb
          Size/MD5 checksum:  8797832 00ab7c9bf64614112684e60595e1fe30
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12_i386.deb
          Size/MD5 checksum:   230960 8ba2a811fb753a4b5083254c5ab402c2
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12_i386.deb
          Size/MD5 checksum:   227302 63e4524d17cb0dcf34774637293d2700
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12_i386.deb
          Size/MD5 checksum:  3525452 7f0208aa3bc2e9974590839d141c4ca3
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12_i386.deb
          Size/MD5 checksum:  3527346 6b321ce7efdc5d1f641ca4e14db1807e
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12_i386.deb
          Size/MD5 checksum:   228266 e05c768db8f79e76db1dbf39200075cc
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12_i386.deb
          Size/MD5 checksum:   227834 3799038b55f03ea7fcacef73e50a7b02
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12_i386.deb
          Size/MD5 checksum:  8704448 f8531f0d6173228a2f952e4ca80ee618
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12_i386.deb
          Size/MD5 checksum:  3524656 c40e3230e071e5917f3c82ef8d8a3b79
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12_i386.deb
          Size/MD5 checksum:  8661138 121c4860a88e6e0ef84941b044e655ee
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12_i386.deb
          Size/MD5 checksum:   226934 f29016331da939466d99fde7e6dbf0c4
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12_i386.deb
          Size/MD5 checksum:  3431968 37d14ba3820e331c7701c6dbc65440c7
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12_i386.deb
          Size/MD5 checksum:  3525938 0b4f3c22d96777bd95673e8c6ceb45a9
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12_i386.deb
          Size/MD5 checksum:  3525194 89b06e76e46487a2708317a7d2643519
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12_i386.deb
          Size/MD5 checksum:  8960026 e01cd0b938c75a247cc111855632934c
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12_i386.deb
          Size/MD5 checksum:  3524794 43c7a34c6428e7d79fb660b4a434aaae
         http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12_i386.deb
          Size/MD5 checksum:  8703034 a6d0829412575a9f7e6c227c5275a47b
    
    - -- 
    - ----------------------------------------------------------------------------
    Debian Security team <This email address is being protected from spambots. You need JavaScript enabled to view it.> 
    http://www.debian.org/security/
    Mailing-List: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)
    
    iD8DBQE/y6HGPLiSUC+jvC0RAnd9AKCKvn969KiqvmErdGNv1iJSgzTVxwCbBkWB
    IZdDr8fKKloX6PSe+tPOW68=
    =nGzM
    -----END PGP SIGNATURE-----
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter:  http://lists.netsys.com/full-disclosure-charter.html
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.