Debian: New openafs packages fix remote privilege escalation bug

    Date20 Mar 2007
    CategoryDebian
    4092
    Posted ByLinuxSecurity Advisories
    A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. It's possible for an attacker with knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary binary file appear to an AFS client host to be setuid. If they can then arrange for that binary to be executed, they will be able to achieve privilege escalation.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1271-1                This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Noah Meyerhans
    March 20, 2007
    - ------------------------------------------------------------------------
    
    Package        : openafs
    Vulnerability  : design error
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-1507
    
    A design error has been identified in the OpenAFS, a cross-platform
    distributed filesystem included with Debian.
    
    OpenAFS historically has enabled setuid filesystem support for the local
    cell.  However, with its existing protocol, OpenAFS can only use
    encryption, and therefore integrity protection, if the user is
    authenticated.  Unauthenticated access doesn't do integrity protection.
    The practical result is that it's possible for an attacker with
    knowledge of AFS to forge an AFS FetchStatus call and make an arbitrary
    binary file appear to an AFS client host to be setuid.  If they can then
    arrange for that binary to be executed, they will be able to achieve
    privilege escalation.
    
    OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid
    files globally, including the local cell.  It is important to note that
    this change will not take effect until the AFS kernel module, built from
    the openafs-modules-source package, is rebuilt and loaded into your
    kernel.  As a temporary workaround until the kernel module can be
    reloaded, setuid support can be manually disabled for the local cell by
    running the following command as root
    
          fs setcell -cell  -nosuid
    
    Following the application of this update, if you are certain there is
    no security risk of an attacker forging AFS fileserver responses, you
    can re-enable setuid status selectively with the following command,
    however this should not be done on sites that are visible to the
    Internet
    
          fs setcell -cell  -suid
    
    For the stable distribution (sarge), this problem has been fixed in
    version 1.3.81-3sarge2.  For the unstable distribution (sid) and the
    upcoming stable distribution (etch), this problem will be fixed in
    version 1.4.2-6.
    
    We recommend that you upgrade your openafs package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian 3.1 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.dsc
        Size/MD5 checksum:      851 45351031494d87ff12f1bf08d14533f9
      http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.diff.gz
        Size/MD5 checksum:   262444 5804a2d738b2ec24f4055489c6287dca
      http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81.orig.tar.gz
        Size/MD5 checksum: 13455346 d754e92f7a0cd9824991c850e001884c
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.3.81-3sarge2_all.deb
        Size/MD5 checksum:  4491356 e71b35c9862df561b51b67a3c90fafc9
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:  1111578 026440f88e9a4929dfe1c1eb7b5da586
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:  2227596 e5517039ed51c445dbc02fb13be3e952
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:   306552 b7afabee0f80a4bf00ab42eb84f165c2
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:   693726 76ce60f5f960fb68301d15653dea0873
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:   269148 928b0eab345fe24ec067dfe46540fce6
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_alpha.deb
        Size/MD5 checksum:  1878670 e75770cead20c34ba5f27f56d13689e9
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:   229812 ed52b06bdb86dc060a430efad6e5c1a2
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:  1442080 1a037eab6cf0e2701c127c85c06386ae
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:  1833326 f95cb03cff5282ee9acc5489ab0821b9
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:   246488 67f3c4fc899fd29353bf4c7a46e8976d
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:   555870 5996c7f12878a0202c036b30280fbc3f
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_amd64.deb
        Size/MD5 checksum:   884258 d57b751026bfd2b05aca393f55e83d1c
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:   250140 60ce4a5b1fe0c079d31e77f7d025c702
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:   919068 9ca7af6733d9e2f5601b8159016619a1
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:  1827790 256160195fcb04f911baa870aca98956
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:   555916 374b8b31f343785ff8d2e671e7e73eab
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:   248664 b3a8d024c19de251e2e190e54fe5cc10
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_hppa.deb
        Size/MD5 checksum:  1507594 2b07da638f4c0d3acbca303dcf2c3414
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:   205962 11e4dfaf88f70f36cf9d25d9c18998aa
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:   467028 752c5b703fa2f013ddd21817d82749f4
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:  1549640 05dba8404a3d8257e06b612cf07efc74
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:   783268 86567fbce7562f935b17a7e760bb9fbc
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:   217288 5008556d2e73108e1c3db41643df22b3
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_i386.deb
        Size/MD5 checksum:  1260276 d57b49ef1af6ca9c0b1b35066ecb20dd
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:  2591976 3f9a094d54d6e8c2dbec0f20f26acdc2
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:  1841346 3f696ba4ea1e97b4c2bdd4c8cbd0bf33
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:  1277708 e5fd2c145c6d5c9a401629bc595b531a
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:   310238 dfd2d50fd6750ac5a4e7ddcdd3ddd532
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:   767784 ddea6844bb5d1b686ac77e216cb254cc
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_ia64.deb
        Size/MD5 checksum:   350246 7098128a63c0031b4776888544f44a0c
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:   229680 adc0ee24b299a72a3080042526bdf335
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:   517686 a7b07d334d079e32aee66bb05d80711e
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:  1460156 d13af55e2d4f9a3d3a97495681f6b37b
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:   852198 da3a7270c45eda7d0a72c5793af0435b
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:   223486 6fcec53ed212b0950a680653cb2f829d
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_powerpc.deb
        Size/MD5 checksum:  1692132 9e26a7d34e736eb6150a616381619a7c
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:   212066 13397ac230bf12c3900a926a8b36fc31
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:  1536368 fab1b06025fb4b9db78b5358d832fd70
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:   224796 72c0a37213a8844e9862691eda755a3f
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:   762190 cc9f29f4e0a4c234d6a5d87237fb2c03
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:  1383788 2405aec9aad97354db6427f55d8ab988
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_s390.deb
        Size/MD5 checksum:   473242 13ecf61e03a031cce4171abbc3c9c045
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:  1542604 506c656b335f86e815fca789b1dc0c8a
      http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:   215842 b393c0429c1dfc36dbef36cc4d43bf2b
      http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:   775060 6a99cdcce7a5c83428fc48c607f0a02c
      http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:  1331494 30b726724767f17b90738f8bdd4e8b9f
      http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:   459596 c4b83804dd1ca1179af4919130ff0b0e
      http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_sparc.deb
        Size/MD5 checksum:   209508 0f73ab95372029f340702812b5928248
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.