Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Slackware: 12.2 2009-230-01 Critical: Local Attack Memory Flaw

slackware
Calendar Grey August 19, 2009
Dist Slackware Esm H88
New kernel updates for Slackware address vulnerabilities that enable local users to achieve root privileges via memory-related exploits.
New Linux kernel packages are available for Slackware 12.2 and -current to address a security issue

Summary

Here are the details from the Slackware 12.2 ChangeLog: patches/packages/linux-2.6.27.31/: Added new kernels and kernel packages for Linux 2.6.27.31 to address a bug in proto_ops structures which could allow a user to use the kernel sendpage operation to execute arbitrary code in page zero. This could allow local users to gain escalated privileges. This flaw was discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. For more information, see: https://www.cve.org/CVERecord?id=CVE-2009-2692 In addition, these kernels change CONFIG_DEFAULT_MMAP_MIN_ADDR kernel config option value to 4096, which should prevent the execution of arbitrary code by future NULL dereference bugs that might be found in the kernel. If you are compiling your own kernel, please check this option in your .config. If it is set to =0, you may wish to edit it to 4096 (or some other value 0) and then reconfigure, or the kernel will not have default protection

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical privilege escalation slackware kernel fix memory flaw local attack

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated kernel packages for Slackware 12.2 may be found here: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-firmware-2.6.27.31-noarch-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-generic-2.6.27.31-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31/kernel-headers-2.6.27.31_smp-x86-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/linux-2.6.27.31...

Read the Full Advisory

MD5 Signatures

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical privilege escalation slackware kernel fix memory flaw local attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the kernel packages as root, rebuild the initrd with mkinitrd, and reinstall LILO. For details on the process of updating the Slackware 12.2 kernels, see the README file in /patches/packages/linux-2.6.27.31/. To activate the mmap_min_addr protection in your /etc/sysctl.conf for 2.6.23 or newer kernels, simply install the package: installpkg kernel-mmap_min_addr-4096-noarch-1.tgz If you are building your own kernel from unfixed vanilla sources, the patch appropriate for your kernel may be applied to the source like this: cd /usr/src/linux zcat linux-2.6.x-CVE-2009-2692.diff.gz | patch -p1 --verbose

Your message here