Your message dated Sun, 06 Mar 2005 21:02:35 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#298233: fixed in kernel-patch-adamantix 1.7 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 5 Mar 2005 21:46:29 +0000 >From [EMAIL PROTECTED] Sat Mar 05 13:46:29 2005 Return-path: <[EMAIL PROTECTED]> Received: from kitenet.net [64.62.161.42] (postfix) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D7h6T-0006No-00; Sat, 05 Mar 2005 13:46:29 -0800 Received: from dragon.kitenet.net (n195-212.wireless.ubc.ca [128.189.195.212]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK)) by kitenet.net (Postfix) with ESMTP id D33B817F9A for <[EMAIL PROTECTED]>; Sat, 5 Mar 2005 21:46:28 +0000 (GMT) Received: by dragon.kitenet.net (Postfix, from userid 1000) id C91346E0D3; Sat, 5 Mar 2005 13:49:18 -0800 (PST) Date: Sat, 5 Mar 2005 13:49:17 -0800 From: Joey Hess <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: PaX privilege elevation security bug Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh" Content-Disposition: inline User-Agent: Mutt/1.5.6+20040907i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: --jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: kernel-patch-adamantix Version: 1.6 Severity: grave Tags: security PaX is included in kernel-patch-adamantix. ----- Forwarded message from [EMAIL PROTECTED] ----- =46rom: [EMAIL PROTECTED] Date: Sat, 05 Mar 2005 01:43:44 +0100 To: bugtraq@securityfocus.com Cc: full-disclosure@lists.netsys.com Subject: PaX privilege elevation security bug Reply-To: [EMAIL PROTECTED] X-mailer: Pegasus Mail for Windows (4.21c) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PaX privilege elevation security bug Severity: critical Description: unprivileged users can execute arbitrary code with the privileges of the target in any program they or other users can execute it is definitely exploitable for local users, remote exploitability depends on how much control one can have over executable file mappings in the target Affected versions: all releases since 2003 September (when vma mirroring was introduced) Affected configurations: anyone having SEGMEXEC or RANDEXEC (vma mirroring) in the kernel's .config file Fixed versions: patches released today, see http://pax.grsecurity.net Mitigation: echo "0 0" > /proc/sys/vm/pagetable_cache this will eliminate the obvious exploit vector only, patching is still unavoidable Technical details will be posted to the dailydave mailing list, probably early next week. This is a spectacular fuckup, it pretty much destroys what PaX has always stood and been trusted for. For this and other reasons, PaX will be terminated on 1st April, 2005, a fitting date... Brad Spengler offered to take it up but if you're interested in helping as well, contact [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQikAPJVtI2Y58IG/EQJbjQCfe0KzZvFRQhzIImxBsbaOBvmQOTcAoIwk 0mFNuwmsx2F3efahYd3bU3mT =3DyPeF -----END PGP SIGNATURE----- ----- End forwarded message ----- --=20 see shy jo --jI8keyz6grp/JLjh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCKildd8HHehbQuO8RAqFrAJ9Fh/5aZiTQhklXwy4+en2F8u5b1wCeNiGk 2w2t7lMK1YDIk01zVKVpBP0= =OV7Y -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh-- --------------------------------------- Received: (at 298233-close) by bugs.debian.org; 7 Mar 2005 02:09:12 +0000 >From [EMAIL PROTECTED] Sun Mar 06 18:09:12 2005 Return-path: <[EMAIL PROTECTED]> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D87gG-0000Q4-00; Sun, 06 Mar 2005 18:09:12 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1D87Zr-0001WF-00; Sun, 06 Mar 2005 21:02:35 -0500 From: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#298233: fixed in kernel-patch-adamantix 1.7 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Sun, 06 Mar 2005 21:02:35 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: kernel-patch-adamantix Source-Version: 1.7 We believe that the bug you reported is fixed in the latest version of kernel-patch-adamantix, which is due to be installed in the Debian FTP archive: kernel-patch-adamantix_1.7.dsc to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.7.dsc kernel-patch-adamantix_1.7.tar.gz to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.7.tar.gz kernel-patch-adamantix_1.7_all.deb to pool/main/k/kernel-patch-adamantix/kernel-patch-adamantix_1.7_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated kernel-patch-adamantix package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 7 Mar 2005 01:05:55 +0100 Source: kernel-patch-adamantix Binary: kernel-patch-adamantix Architecture: source all Version: 1.7 Distribution: unstable Urgency: high Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> Description: kernel-patch-adamantix - Kernel patches introduced in Adamantix Closes: 298233 Changes: kernel-patch-adamantix (1.7) unstable; urgency=high . * Fix privilege escalation bug in PaX (Closes: #298233) For more information http://seclists.org/lists/bugtraq/2005/Mar/0106.html This is [BID-12729] (no CVE reference assigned yet) This is a deviation from upstream since Adamantix does not yet provide the patch. This issue is tracked in Adamantix as Issue #413. For more information see: http://www.adamantix.org/wiki/IssueNo0413PaXPrivilegeElevationSecurityBug IMPORTANT NOTE: This is also an _UNTESTED_ patch, I had to manually derive this by comparing the patchset pax-linux-2.4.29-200503050030.patch vs pax-linux-2.4.29-200502120800.patch and the changes I might have introduced might not be accurate. Please provide feedback in the BTS. * For those that do not want to use this patch and would rather use upstream's: - Provide the original PaX patchset in the Debian sources and as a kpatch file. These are only available for 2.4.29, though. - Provide the original RSBAC patch (version 1.2.4 plus bugfixes -1 and -2) also in the Debian sources and as a kpatch file. These are only available for 2.4.29 [ I'm actually considering changing this package's patch into a number of patches (instead of a unified single patch) to make it easier to update upstream's patches. ] Files: 41885ded94d76722e51b2d297e8c1125 687 devel extra kernel-patch-adamantix_1.7.dsc 923cbaebce5312b936908762a66c0569 3176874 devel extra kernel-patch-adamantix_1.7.tar.gz b0245798bb2c3b37e38c29ee9920d786 2504610 devel extra kernel-patch-adamantix_1.7_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iQCVAwUBQiuu8vtEPvakNq0lAQIakgQAmju1pNk5KBizMvqCnR+EF1/jnsCptmkF OgbYqNaUgZ6UryNq4xSltdxbc3Tzyxmf9r74Ic2We7V40DQ1XsHMektatvLGzXX7 pkaxVcN5iEGhkAGshCifsvyaV5UHHmypWiVllYhCWILOYL5gFGjnroJ5K4tcg6g2 JeWJ2gpISeM= =MmZC -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]