On the subject of "how much damage can be done" to your kernel, here's the latest alert (from Debian, but it affects all Linux kernels of course)
-jim -----Forwarded Message----- > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel > memory > Date: Mon, 01 Dec 2003 21:17:12 +0100 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-403-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Wichert Akkerman > December 1, 2003 > - ------------------------------------------------------------------------ > > > Package : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, > kernel-source-2.4.18 > Vulnerability : userland can access full kernel memory > Problem type : local > Debian-specific: no > CVE Id(s) : CAN-2003-0961 > > Recently multiple servers of the Debian project were compromised using a > Debian developers account and an unknown root exploit. Forensics > revealed a burneye encrypted exploit. Robert van der Meulen managed to > decrypt the binary which revealed a kernel exploit. Study of the exploit > by the RedHat and SuSE kernel and security teams quickly revealed that > the exploit used an integer overflow in the brk system call. Using > this bug it is possible for a userland program to trick the kernel into > giving access to the full kernel address space. This problem was found > in September by Andrew Morton, but unfortunately that was too late for > the 2.4.22 kernel release. > > This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and > 2.6.0-test6 kernel tree. For Debian it has been fixed in version > 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 > kernel images and version 2.4.18-11 of the alpha kernel images. > > > Upgrade instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian 3.0 (stable) > - ------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.tar.gz > Size/MD5 checksum: 69746 a4b642e03732748d6820524746ba2265 > > http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz > Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.dsc > Size/MD5 checksum: 874 6fe1a9a759850570f1609b77502c13bc > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.tar.gz > Size/MD5 checksum: 24210 11373e2cf7e659f5a69c33f3f143fcaf > > http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.dsc > Size/MD5 checksum: 798 14840782d3ae928fd453a7dba225bb7f > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.dsc > Size/MD5 checksum: 1325 a77acb0743f3d3a16c00fa1cd4520e89 > > http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.diff.gz > Size/MD5 checksum: 66878 916d16dd46c59dd4314c45e48f33f043 > > Architecture independent packages: > > > http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14_all.deb > Size/MD5 checksum: 1710438 5e6cb496150391a93558652c97fb214b > > http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb > Size/MD5 checksum: 23903282 9d5cb5159bf76451dd32e75467ca6240 > > alpha architecture (DEC Alpha) > > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-11_alpha.deb > Size/MD5 checksum: 3514858 ec88046377537587469e5527f3633c65 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-11_alpha.deb > Size/MD5 checksum: 3362836 f91eb5ef18c3413ae200c5b1679264cc > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-11_alpha.deb > Size/MD5 checksum: 3512244 a46de1359655b3a05c99cd8211edd41f > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb > Size/MD5 checksum: 12799424 966ecceeb16c5bf87cc31b9178d6add9 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb > Size/MD5 checksum: 12425696 27b4defd9326ed5bac3a765977437354 > > i386 architecture (Intel ia32) > > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb > Size/MD5 checksum: 8863312 17a9c0323f06ed3eda1d17bdaf443d50 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12_i386.deb > Size/MD5 checksum: 230194 9e347c03ffaf24762ec8ad86f3c3c482 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12_i386.deb > Size/MD5 checksum: 8797832 00ab7c9bf64614112684e60595e1fe30 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12_i386.deb > Size/MD5 checksum: 230960 8ba2a811fb753a4b5083254c5ab402c2 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12_i386.deb > Size/MD5 checksum: 227302 63e4524d17cb0dcf34774637293d2700 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12_i386.deb > Size/MD5 checksum: 3525452 7f0208aa3bc2e9974590839d141c4ca3 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12_i386.deb > Size/MD5 checksum: 3527346 6b321ce7efdc5d1f641ca4e14db1807e > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12_i386.deb > Size/MD5 checksum: 228266 e05c768db8f79e76db1dbf39200075cc > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12_i386.deb > Size/MD5 checksum: 227834 3799038b55f03ea7fcacef73e50a7b02 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12_i386.deb > Size/MD5 checksum: 8704448 f8531f0d6173228a2f952e4ca80ee618 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12_i386.deb > Size/MD5 checksum: 3524656 c40e3230e071e5917f3c82ef8d8a3b79 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12_i386.deb > Size/MD5 checksum: 8661138 121c4860a88e6e0ef84941b044e655ee > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12_i386.deb > Size/MD5 checksum: 226934 f29016331da939466d99fde7e6dbf0c4 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12_i386.deb > Size/MD5 checksum: 3431968 37d14ba3820e331c7701c6dbc65440c7 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12_i386.deb > Size/MD5 checksum: 3525938 0b4f3c22d96777bd95673e8c6ceb45a9 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12_i386.deb > Size/MD5 checksum: 3525194 89b06e76e46487a2708317a7d2643519 > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12_i386.deb > Size/MD5 checksum: 8960026 e01cd0b938c75a247cc111855632934c > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12_i386.deb > Size/MD5 checksum: 3524794 43c7a34c6428e7d79fb660b4a434aaae > > http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12_i386.deb > Size/MD5 checksum: 8703034 a6d0829412575a9f7e6c227c5275a47b > > - -- > - ---------------------------------------------------------------------------- > Debian Security team <[EMAIL PROTECTED]> > http://www.debian.org/security/ > Mailing-List: [EMAIL PROTECTED] > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQE/y6HGPLiSUC+jvC0RAnd9AKCKvn969KiqvmErdGNv1iJSgzTVxwCbBkWB > IZdDr8fKKloX6PSe+tPOW68= > =nGzM > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- Jim Cheetham Systems Administrator, eCOSM Limited. Phone +64 3 365 4176 | Mobile +64 21 314 158 http://www.ecosm.com/
