Fedora: kernel 2.4.x Privilege escalation vulnerability
Summary
Fedora Legacy Update Advisory Synopsis: Updated kernel resolves security vulnerabilities Advisory ID: FLSA:1284 Issue date: 2004-03-02 Product: Red Hat Linux Keywords: Security Cross references: CVE Names: CAN-2004-0077, CAN-2004-0075, CAN-2004-0010, CAN-2004-0003 1. Topic: Updated kernel packages that fix security vulnerabilities which may allow local users to gain root privileges are now available. These packages also resolve other minor issues. 2. Relevent releases/architectures: Red Hat Linux 7.2 - i386, i586, i686, athlon Red Hat Linux 7.3 - i386, i586, i686, athlon Red Hat Linux 8.0 - i386, i586, i686, athlon 3. Problem description: The Linux kernel handles the basic functions of the operating system. Paul Starzetz discovered a flaw in return value checking in mremap() in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges. No exploit is currently available; however this issue is exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0077 to this issue. The Vicam USB driver in kernel versions prior to 2.4.25 does not use the copy_from_user function to access userspace, which crosses security boundaries. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0075 to this issue. Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could allow local privilege escalation. ncpfs is only used to allow a system to mount volumes of NetWare servers or print to NetWare printers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0010 to this issue. Alan Cox found issues in the R128 Direct Render Infrastructure that could allow local privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue. All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues. Fedora Legacy would like to thank Paul Starzetz from ISEC for reporting the issue CAN-2004-0077, and Dominic Hargreaves for providing backported rpms for all issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue: yum update or to use apt: apt-get update; apt-get upgrade This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit for directions on how to configure yum and apt-get. 5. Bug IDs fixed: - 1284 - KERNEL: r128 dri AND do_mremap VMA limit local privilege escalation vulnerability 6. RPMs required: Red Hat Linux 7.2: SRPM: i386: i568: i686: athlon: Red Hat Linux 7.3: SRPM: i386: i568: i686: athlon: Red Hat Linux 8.0: SRPM: i386: i568: i686: athlon: 7. Verification: SHA1 sum Package Name 4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 7.2/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm f97d96d3238aa1bb314896699e280a31ed85529d 7.2/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm cf0e03315d942140fbb439521684705d25e59a8f 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm debfa2741248dccffdade72b8efe3b94d0e2483c 7.2/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm 989873968805dca5a7abd47dfb0c6dfca8a110b4 7.2/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm 17a5a3b267339f1b20870cdcf586f5784b632358 7.2/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm 15c40d84c061917f08e0c6b540bc49999ed18599 7.2/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm f1460dafa968105647f38983d795b2693692fbfd 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm 15f1ac18efcf20c6f7c2f1fdcd803562704e507f 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm 3c0fdeb92cd1d549b643bf91429dd1b79a067e77 7.2/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm c64a8cef6e9ec35454a397229b2a15a60bba5322 7.2/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm 4b1d86c6b9c706d5ed9561a2c4fc0628528ddc86 7.3/updates/SRPMS/kernel-2.4.20-30.7.legacy.src.rpm f97d96d3238aa1bb314896699e280a31ed85529d 7.3/updates/i386/kernel-2.4.20-30.7.legacy.athlon.rpm cf0e03315d942140fbb439521684705d25e59a8f 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i386.rpm d3e0a7b68e06af4045cd4f66d0a5864920dbd5b5 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i586.rpm debfa2741248dccffdade72b8efe3b94d0e2483c 7.3/updates/i386/kernel-2.4.20-30.7.legacy.i686.rpm 989873968805dca5a7abd47dfb0c6dfca8a110b4 7.3/updates/i386/kernel-BOOT-2.4.20-30.7.legacy.i386.rpm 17a5a3b267339f1b20870cdcf586f5784b632358 7.3/updates/i386/kernel-bigmem-2.4.20-30.7.legacy.i686.rpm 15c40d84c061917f08e0c6b540bc49999ed18599 7.3/updates/i386/kernel-doc-2.4.20-30.7.legacy.i386.rpm f1460dafa968105647f38983d795b2693692fbfd 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.athlon.rpm 15f1ac18efcf20c6f7c2f1fdcd803562704e507f 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i586.rpm 3c0fdeb92cd1d549b643bf91429dd1b79a067e77 7.3/updates/i386/kernel-smp-2.4.20-30.7.legacy.i686.rpm c64a8cef6e9ec35454a397229b2a15a60bba5322 7.3/updates/i386/kernel-source-2.4.20-30.7.legacy.i386.rpm 8eea381f80412a9421d25b1466d084cbbf5e1cee 8.0/updates/SRPMS/kernel-2.4.20-30.8.legacy.src.rpm 77ee4d29f593a4746e70a6ac55f9791d3183803e 8.0/updates/i386/kernel-2.4.20-30.8.legacy.athlon.rpm b1ba3b73d03294d4b31756eb6086bfffd4ef9958 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i386.rpm cd49df62f704ed4e11be197fdae0920de1e1c584 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i586.rpm 467c2613862985f16e07db103d7d88ab914ea73c 8.0/updates/i386/kernel-2.4.20-30.8.legacy.i686.rpm 63e243113b85a57ccaaaf0bcdf1468d7f8290001 8.0/updates/i386/kernel-BOOT-2.4.20-30.8.legacy.i386.rpm ea960ffbacd83cdb2b0ae78e612da5099121f77c 8.0/updates/i386/kernel-bigmem-2.4.20-30.8.legacy.i686.rpm 842cea04dad3976173afb6609c19615eff88aa8a 8.0/updates/i386/kernel-doc-2.4.20-30.8.legacy.i386.rpm e07e04ffef20d0f3fd66cd8cc46d7f2d7d1c2af0 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.athlon.rpm a2a81a0ebe3e7433e339881bd1ba6177f75599c8 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i586.rpm 8625244b0dca1a71fe9b74769f6376af9495b333 8.0/updates/i386/kernel-smp-2.4.20-30.8.legacy.i686.rpm 4f6b05bc2296a0b37bc9528fd0e36d4e8f69ff67 8.0/updates/i386/kernel-source-2.4.20-30.8.legacy.i386.rpm These packages are GPG signed by Fedora Legacy for security. Our key is available from You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command: sha1sum
Change Log
References
CVE -CVE-2004-0003 CVE -CVE-2004-0010 CVE -CVE-2004-0075 CVE -CVE-2004-0077 9. Contact: The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org 10. Special Notes: If you use lilo, you will have to edit your lilo.conf file and shorten the label of this kernel. The label is too long for lilo, but not for grub. -- Jesse Keating RHCE ( ) Fedora Legacy Team (http://www.fedoralegacy.org)
Update Instructions
