[Full-Disclosure] [USN-30-1] Linux kernel vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 11/19/04

    To: ubuntu-security-announce@lists.ubuntu.com
    Date: Fri, 19 Nov 2004 00:12:05 +0100
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-30-1 November 18, 2004
    linux-source-2.6.8.1 vulnerabilities
    CAN-2004-0883, CAN-2004-0949, and others
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    linux-image-2.6.8.1-3-386
    linux-image-2.6.8.1-3-686
    linux-image-2.6.8.1-3-686-smp
    linux-image-2.6.8.1-3-amd64-generic
    linux-image-2.6.8.1-3-amd64-k8
    linux-image-2.6.8.1-3-amd64-k8-smp
    linux-image-2.6.8.1-3-amd64-xeon
    linux-image-2.6.8.1-3-k7
    linux-image-2.6.8.1-3-k7-smp
    linux-image-2.6.8.1-3-power3
    linux-image-2.6.8.1-3-power3-smp
    linux-image-2.6.8.1-3-power4
    linux-image-2.6.8.1-3-power4-smp
    linux-image-2.6.8.1-3-powerpc
    linux-image-2.6.8.1-3-powerpc-smp

    The problem can be corrected by upgrading the affected package to
    version 2.6.8.1-16.1. You need to reboot the computer after doing a
    standard system upgrade to effect the necessary changes.

    Details follow:

    CAN-2004-0883, CAN-2004-0949:

      During an audit of the smb file system implementation within Linux,
      several vulnerabilities were discovered ranging from out of bounds
      read accesses to kernel level buffer overflows.
      
      To exploit any of these vulnerabilities, an attacker needs control
      over the answers of the connected Samba server. This could be
      achieved by man-in-the-middle attacks or by taking over the Samba
      server with, e.g., the recently disclosed vulnerability in Samba 3.x
      (see CAN-2004-0882).
      
      While any of these vulnerabilities can be easily used as remote denial
      of service exploits against Linux systems, it is unclear if it is
      possible for a skilled local or remote attacker to use any of the
      possible buffer overflows for arbitrary code execution in kernel
      space. So these bugs may theoretically lead to privilege escalation
      and total compromise of the whole system.

    http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt:

      Several flaws have been found in the Linux ELF binary loader's
      handling of setuid binaries. Nowadays ELF is the standard format for
      Linux executables and libraries. setuid binaries are programs that
      have the "setuid" file permission bit set; they allow a program to
      be executed under a user id different from the calling user and are
      mostly used to allow normal users to execute a program with root
      privileges.

      The vulnerabilities that were fixed in these updated kernel packages
      could lead to Denial of Service attacks. They also might lead to
      execution of arbitrary code and privilege escalation on some
      platforms if an attacker is able to run setuid programs under some
      special system conditions (like very little remaining memory).

      Another flaw could allow an attacker to read supposedly unreadable,
      but executable suid binaries. The attacker can then use this to seek
      faults within the executable.

    http://marc.theaimsgroup.com/?l=linux-kernel&m=109776571411003&w=2:

      Bernard Gagnon discovered a memory leak in the mmap raw packet
      socket implementation. When a client application (in ELF format)
      core dumps, a region of memory stays allocated as a ring buffer.
      This could be exploited by a malicious user who repeatedly crashes
      certain types of applications until the memory is exhausted, thus
      causing a Denial of Service.

    Reverted 486 emulation patch:

      Ubuntu kernels for the i386 platforms are compiled using the i486
      instruction set for performance reasons. Former Ubuntu kernels
      contained code which emulated the missing instructions on real 386
      processors. However, several actual and potential security flaws
      have been discovered in the code, and it was found to be
      unsupportable. It might also be possible to exploit these
      vulnerabilities on i486 and higher processors.

      Therefore support for real i386 processors has ceased. This updated
      kernel will only run on i486 and newer processors.

      Other architectures supported by Ubuntu (amd64, powerpc) are not
      affected.


    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


