November 3, 2001

Conectiva Linux kernel advisory

Author: JT Smith

This announcement addresses several vulnerabilities in the Linux
kernel:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : kernel
SUMMARY   : Several kernel vulnerabilities
DATE      : 2001-11-02 17:42:00
ID        : CLA-2001:432
RELEVANT
RELEASES  : 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0

- -------------------------------------------------------------------------

DESCRIPTION
 This announcement addresses several vulnerabilities in the Linux
 kernel:
 
 1) Rafal Wojtczuk reported[1] two vulnerabilities[2][3] in the 2.2
 and 2.4 series of the Linux kernel. The first vulnerability allows a
 local attacker to obtain root privileges. Working exploits have
 already been published.
 
 2) The second vulnerability reported by Rafal Wojtczuk allows a local
 user to execute a DoS attack by creating several deep symlinks. This
 will cause the kernel to spend an almost arbitrary amount of time on
 dereferencing a single symlink and prevent processes from running.
 
 3) Another vulnerability was discovered by Manfred Spraul and
 reported to Andi Kleen from SuSE. If syncookies are enabled and being
 sent by the kernel (during a synflood attack, for example), a remote
 attacker could initiate connections to ports protected by simple
 firewall rules such as the ones only filtering SYN packets. Because
 of the syncookies, the remote attacker doesn't have to send SYN
 packets to initiate the connection, only ACK ones, *but* with the
 correct magic cookie. In order to find the correct cookie, an
 attacker has to explore about 16 million values (2^24), which can be
 done in a few hours on a fast link.
 Use the following command to check if syncookies are enabled on your
 system:
 
 sysctl net.ipv4.tcp_syncookies
 
 A return value of "1" indicates that syncookies are enabled. To
 disable syncookies, execute the following as root:
 
 sysctl -w net.ipv4.tcp_syncookies=0
 
 On versions of the distribution that do not have the sysctl command,
 the following can be used to deactivate syncookies:
 
 echo 0 > /proc/sys/net/ipv4/tcp_syncookies
 
 And, to read the present value:
 
 cat /proc/sys/net/ipv4/tcp_syncookies
 
 The default for Conectiva Linux is to have the syncookies protection
 enabled at boot time. To change this behaviour, please edit the
 /etc/sysctl.conf file.
 
 The fix for this vulnerability was provided by Andi Kleen with
 contributions from Dave Miller and Solar Designer. We would also like
 to thank Marcus Meissner for a good insight on the problem.
 The announcement of this vulnerability was coordinated with several
 other GNU/Linux distributions.
 
 4) Chris Wilson reported[4] a vulnerability[5] in the MAC filtering
 code of netfilter (kernel-2.4). An attacker could bypass MAC
 filtering rules by using fragmented packets.
 This vulnerability was also independently verified by Erick C.
 Jones[6] and Miklos Szeredi[7].
 
 This update also fixes a problem with the "aacraid" module, which can
 now be used with the Dell PowerEdge Expandable RAID Controller 3/Di.
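
 The syncookies check from item 3, as an added shell example that is not part of the Conectiva advisory: it compares the running value with the value /etc/sysctl.conf will apply at the next boot, because a change made only at runtime is lost on reboot. The function names and the path parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit tcp_syncookies at runtime
# and in the boot-time configuration. Paths are parameters so the
# functions can be pointed at test files instead of the live system.

# Print the last value assigned to net.ipv4.tcp_syncookies in a
# sysctl.conf-style file (later lines override earlier ones).
# Lines starting with '#' or ';' are comments. Prints nothing if unset.
conf_syncookies() {
    sed -n -e '/^[[:space:]]*[#;]/d' \
        -e 's/^[[:space:]]*net[./]ipv4[./]tcp_syncookies[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Report the running value next to the boot-time value.
syncookies_audit() {
    proc_file=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    conf_file=${2:-/etc/sysctl.conf}
    if [ ! -r "$proc_file" ]; then
        echo "unknown: cannot read $proc_file"
        return 1
    fi
    running=$(tr -d '[:space:]' < "$proc_file")
    boot=$(conf_syncookies "$conf_file")
    if [ -z "$boot" ]; then boot="unset"; fi
    case "$running/$boot" in
        0/0)     echo "disabled now and at boot" ;;
        0/unset) echo "disabled now, no boot setting in $conf_file" ;;
        0/*)     echo "disabled now, boot setting is $boot: will not survive a reboot" ;;
        */0)     echo "enabled now ($running), boot setting is 0: not applied yet" ;;
        *)       echo "enabled now ($running), boot setting is $boot" ;;
    esac
}

# Audit the live system when run directly; tolerate a missing /proc.
syncookies_audit || true
```
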


SOLUTION
 All users should upgrade the kernel immediately.
 
 IMPORTANT: it is not possible to use apt to apply kernel updates.
 These packages have to be updated manually. Generic kernel update
 instructions can be found at
 http://distro.conectiva.com.br/atualizacoes/?idioma=en
 
 Kernel-2.2 users with Conectiva Linux 5.1, 6.0 or 7.0 should also
 upgrade the drbd package if it is being used. This upgrade can be
 made with apt as usual.
 
 
REFERENCES
 1. http://www.securityfocus.com/archive/1/221337
 2. http://www.securityfocus.com/bid/3447 (ptrace)
 3. http://www.securityfocus.com/bid/3444 (symlink DoS)
 4. http://lists.samba.org/pipermail/netfilter-devel/2001-August/002050.html
 5. http://www.securityfocus.com/bid/3418 (MAC netfilter)
 6. http://lists.samba.org/pipermail/netfilter-devel/2001-August/002050.html
 7. http://lists.samba.org/pipermail/netfilter-devel/2001-September/002278.html


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE74vdI42jd0JmAcZARAmvlAKDBVNT/923NVIbVjv530aNW9dfcXwCgm+hi
vgrRrVHF42p0mkR/zDFGF8M=
=UMhb
-----END PGP SIGNATURE-----
