Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, Apr 14, 2004 at 05:08:42PM -0400, Phillip Hofmeister wrote: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). No, the number has absolutely no relation to the date the vulnerability was discovered. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, Apr 14, 2004 at 05:08:42PM -0400, Phillip Hofmeister wrote: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). No, the number has absolutely no relation to the date the vulnerability was discovered. Mike Stone
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Thanks for the many replies. Just for the record, I thought I'd type out what I had to go through to get everything to work: 1) At first, didn't realize I needed to uncomment the word prompt in lilo.conf (though I figured this one out before posting to the group). 2) The reason I received the error about being unable to mount root FS was because I didn't realize the following line was missing from the vmlinux.old stanza in lilo.conf: initrd=/initrd.img.old. I added this line to lilo, ran lilo at the prompt, rebooted, and was able to boot off of the original 2.4.18. So, now that I was back connected to the internet, I was able to use apt-get to get the new 2.4.18-1 package. Thank you again! I appreciate it. djr Peter Cordes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote: Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 I'm guessing that the wrong initrd is getting loaded for the kernel that's booting. Check your /boot/grub/menu.lst (or /etc/lilo.conf), and the symlinks in /boot for initrd-old.img (or whatever it's called). What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? Probably better to get a working kernel booted before you remove anything. If you have any kernel .debs that used to work, you could try installing one with dpkg -i. This might end up downgrading a kernel package you have installed, but just removing things won't help. (Debian's package scripts usually leave the /boot symlinks broken when I remove a kernel package, even if it was totally obsolete and the links weren't pointing to any files from that package...) Your best bet is to look at the symlinks yourself, and get them pointing to the right place. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 16 April 2004 08.20, David R wrote: 1) At first, didn't realize I needed to uncomment the word prompt in lilo.conf (though I figured this one out before posting to the group). You can just hold down the shift or control key when booting, this gets you the lilo prompt in any case (I always have prompt disabled, no need to delay the boot in the normal case, and on a desktop booting is a frequent enough occasion to make it worth the effort) - -- vbi - -- The content of this message may or may not reflect the opinion of me, my employer, my girlfriend, my cat or anybody else, regardless of the fact whether such an employer, girlfriend, cat, or anybody else exists. I (or my employer, girlfriend, cat or whoever) disclaim any legal obligations resulting from the above message. You, as the reader of this message, may or may not have the permission to redistribute this message as a whole or in parts, verbatim or in modified form, or to distribute any message at all. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iKcEARECAGcFAkB/jYlgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6WVYAn3Cn69vQpDLFfFZyrqRpq6La 5OJJAJwKtXk3jTpHUcwd81IPhJJzSLU8nQ== =34lV -END PGP SIGNATURE-
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Thanks for the many replies. Just for the record, I thought I'd type out what I had to go through to get everything to work: 1) At first, didn't realize I needed to uncomment the word prompt in lilo.conf (though I figured this one out before posting to the group). 2) The reason I received the error about being unable to mount root FS was because I didn't realize the following line was missing from the vmlinux.old stanza in lilo.conf: initrd=/initrd.img.old. I added this line to lilo, ran lilo at the prompt, rebooted, and was able to boot off of the original 2.4.18. So, now that I was back connected to the internet, I was able to use apt-get to get the new 2.4.18-1 package. Thank you again! I appreciate it. djr Peter Cordes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote: Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 I'm guessing that the wrong initrd is getting loaded for the kernel that's booting. Check your /boot/grub/menu.lst (or /etc/lilo.conf), and the symlinks in /boot for initrd-old.img (or whatever it's called). What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? Probably better to get a working kernel booted before you remove anything. If you have any kernel .debs that used to work, you could try installing one with dpkg -i. This might end up downgrading a kernel package you have installed, but just removing things won't help. (Debian's package scripts usually leave the /boot symlinks broken when I remove a kernel package, even if it was totally obsolete and the links weren't pointing to any files from that package...) Your best bet is to look at the symlinks yourself, and get them pointing to the right place. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 16 April 2004 08.20, David R wrote: 1) At first, didn't realize I needed to uncomment the word prompt in lilo.conf (though I figured this one out before posting to the group). You can just hold down the shift or control key when booting, this gets you the lilo prompt in any case (I always have prompt disabled, no need to delay the boot in the normal case, and on a desktop booting is a frequent enough occasion to make it worth the effort) - -- vbi - -- The content of this message may or may not reflect the opinion of me, my employer, my girlfriend, my cat or anybody else, regardless of the fact whether such an employer, girlfriend, cat, or anybody else exists. I (or my employer, girlfriend, cat or whoever) disclaim any legal obligations resulting from the above message. You, as the reader of this message, may or may not have the permission to redistribute this message as a whole or in parts, verbatim or in modified form, or to distribute any message at all. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: get my key from http://fortytwo.ch/gpg/92082481 iKcEARECAGcFAkB/jYlgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6WVYAn3Cn69vQpDLFfFZyrqRpq6La 5OJJAJwKtXk3jTpHUcwd81IPhJJzSLU8nQ== =34lV -END PGP SIGNATURE-
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Greetings, Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). Thanks :) - I have already been there. Are there any, no longer classified information about the fixing process? Keep smilling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? djr Jan Lühr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings, Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). Thanks :) - I have already been there. Are there any, no longer classified information about the fixing process? Keep smilling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
David R [EMAIL PROTECTED] writes: What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? You could look at /var/cache/apt/archives and see if there is an old version of the kernel package. Try to install it using dpkg -i. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote: Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 I'm guessing that the wrong initrd is getting loaded for the kernel that's booting. Check your /boot/grub/menu.lst (or /etc/lilo.conf), and the symlinks in /boot for initrd-old.img (or whatever it's called). What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? Probably better to get a working kernel booted before you remove anything. If you have any kernel .debs that used to work, you could try installing one with dpkg -i. This might end up downgrading a kernel package you have installed, but just removing things won't help. (Debian's package scripts usually leave the /boot symlinks broken when I remove a kernel package, even if it was totally obsolete and the links weren't pointing to any files from that package...) Your best bet is to look at the symlinks yourself, and get them pointing to the right place. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Greetings, Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). Thanks :) - I have already been there. Are there any, no longer classified information about the fixing process? Keep smilling yanosz
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? djr Jan Lühr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings, Am Mittwoch, 14. April 2004 23:08 schrieb Phillip Hofmeister: If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). Thanks :) - I have already been there. Are there any, no longer classified information about the fixing process? Keep smilling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
David R [EMAIL PROTECTED] writes: What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? You could look at /var/cache/apt/archives and see if there is an old version of the kernel package. Try to install it using dpkg -i. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: bigpond.com, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr.
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Thu, Apr 15, 2004 at 09:33:32PM +0200, David R wrote: Yes, any ideas how to fix this? I'm a newbie, so a bit new to Linux. When I installed this 2.4.18 package, it blew up my network card, so I am unable to get the new, fixed package. I thought about using apt-get remove to get rid of the patched kernel, but somehow this seemed ungood to me, so I tried booting from LinuxOLD, which points to the original (as far as I can tell) vmlinuz-2.4.18-686. However, when I try this, I get the following error: Kernel Panic: VFS: Unable to mount root FS on 03:01 I'm guessing that the wrong initrd is getting loaded for the kernel that's booting. Check your /boot/grub/menu.lst (or /etc/lilo.conf), and the symlinks in /boot for initrd-old.img (or whatever it's called). What do I do? Do I use apt-get remove to get rid of the patched kernel? Do I do something else? Probably better to get a working kernel booted before you remove anything. If you have any kernel .debs that used to work, you could try installing one with dpkg -i. This might end up downgrading a kernel package you have installed, but just removing things won't help. (Debian's package scripts usually leave the /boot symlinks broken when I remove a kernel package, even if it was totally obsolete and the links weren't pointing to any files from that package...) Your best bet is to look at the symlinks yourself, and get them pointing to the right place. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BC
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Greetings, Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze: -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 puh - synchronised with the realese 2.4.26 and no warnings of bugtraq or fd... Good work. I imagine that everything is fixed in 2.4.26. Does someone know if 2.4.26 is a bugfix pre-release? I'm getting a little bit confused right know, if there are serious issue with the kernel, why wasn't there any earlier release of 2.4.26? Refering to the large number of fixed vuln, might an earlier release of single patches has been an option? Or did you watch fd to find the right time? Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
hi joey, the new packages on security.d.o are way to small (1meg vs. 8meg in the past), and seem to contain NO MODULES besides dummy.o . i fear upgerading woody will disconnect any network connections. please please review and pull that update. thanks, /felix. At 16:52 14.04.04 +0200, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq - -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update: CAN-2004-0003 A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this. CAN-2004-0178 Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction. These problems will also be fixed by upstream in Linux 2.4.26 and future versions of 2.6. The following security matrix explains which kernel versions for which architecture are already fixed. Kernel images in the unstable Debian distribution (sid) will be fixed soon. Architecturestable (woody) unstable (sid)removed in sid source 2.4.18-14.32.4.25-3 -- alpha 2.4.18-15 soon -- i3862.4.18-13 soon -- i386bf 2.4.18-5woody8 soon -- powerpc 2.4.18-1woody5 2.4.25-8 2.4.22 We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18-14.3.dsc Size/MD5 checksum: 664 a9d96cc8553c3a9085bad09e071c5814 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18-14.3.diff.gz Size/MD5 checksum:70724 4de077af92c196a6af7797d1ceea4004 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18.orig.tar.gz Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/k ernel-image-2.4.18-1-alpha_2.4.18-15.dsc Size/MD5 checksum: 876 453a2a47eb3c6b748e75e0cb65bdd6bb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/k ernel-image-2.4.18-1-alpha_2.4.18-15.tar.gz Size/MD5 checksum:24922 f822e7999659ddcfd53dee73894afdc1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/ke rnel-image-2.4.18-1-i386_2.4.18-13.dsc Size/MD5 checksum: 1327 d37593f6e47c2b9809530eb54deeae3e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/ke
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote: Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 It seems that at least the kernel-image-2.4.18-1-k7-package lacks all modules! Please check before updating, you will probably break your system. [snipp] http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb Size/MD5 checksum: 1154342 152aca9d4a2d7014a9834c239d754d0e # md5sum /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb 152aca9d4a2d7014a9834c239d754d0e /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb # dpkg -L kernel-image-2.4.18-1-k7 /. /boot /boot/config-2.4.18-1-k7 /boot/vmlinuz-2.4.18-1-k7 /boot/System.map-2.4.18-1-k7 /usr /usr/share /usr/share/doc /usr/share/doc/kernel-image-2.4.18-1-k7 /usr/share/doc/kernel-image-2.4.18-1-k7/Changes.gz /usr/share/doc/kernel-image-2.4.18-1-k7/copyright /usr/share/doc/kernel-image-2.4.18-1-k7/changelog.gz /usr/share/doc/kernel-image-2.4.18-1-k7/LiloDefault.gz /usr/share/doc/kernel-image-2.4.18-1-k7/Buildinfo /usr/share/doc/kernel-image-2.4.18-1-k7/debian.README.gz /usr/share/doc/kernel-image-2.4.18-1-k7/conf.vars.gz /usr/share/doc/kernel-image-2.4.18-1-k7/README.Debian.1st.gz /lib /lib/modules /lib/modules/2.4.18-1-k7 /lib/modules/2.4.18-1-k7/kernel /lib/modules/2.4.18-1-k7/kernel/drivers /lib/modules/2.4.18-1-k7/kernel/drivers/net /lib/modules/2.4.18-1-k7/kernel/drivers/net/dummy.o /lib/modules/2.4.18-1-k7/modules.dep /lib/modules/2.4.18-1-k7/modules.generic_string /lib/modules/2.4.18-1-k7/modules.pcimap /lib/modules/2.4.18-1-k7/modules.isapnpmap /lib/modules/2.4.18-1-k7/modules.usbmap /lib/modules/2.4.18-1-k7/modules.parportmap /lib/modules/2.4.18-1-k7/modules.ieee1394map /lib/modules/2.4.18-1-k7/modules.pnpbiosmap # dpkg --status kernel-image-2.4.18-1-k7 Package: kernel-image-2.4.18-1-k7 Status: install ok installed Priority: optional Section: base Installed-Size: 1708 Maintainer: Herbert Xu [EMAIL PROTECTED] Source: kernel-image-2.4.18-1-i386 Version: 2.4.18-13 Provides: kernel-image, kernel-image-2.4 Depends: initrd-tools (= 0.1.21), fileutils (= 4.0), modutils (= 2.3.12) Suggests: lilo (= 19.1), fdutils, kernel-doc-2.4.18, kernel-pcmcia-modules-2.4.18-1-k7 | pcmcia-modules-2.4.18-1-k7 Description: Linux kernel image for version 2.4.18 on AMD K7 Greetings, Martin -- /¯¯¯\ | PGP-Key 0x43D23ABE available via www.de.pgp.net, see header for fpr | | Uptime: 3 days, 22 hours, 57 minutes and 32 seconds (Linux 2.4.18) | \___/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote: - -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq - -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 I installed the new 2.4.18-1-686 and only after a reboot I found out that /lib/modules contains just one .o file, net/dummy.o. I had the source on disk, and had no problems rebuilding, but I found it a anyoing hour spent. Did I catch a stray error, or are that package serioususly broken? Cheers from Norway, Rune Nordbøe Skillingstad -- «I came out of it dead broke, without a house, without anything except a girlfriend and a knowledge of Unix.» «Well, that's something. Normally those two are mutually exclusive» - Neal Stephenson, Cryptonomicon signature.asc Description: This is a digitally signed message part
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote: Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update: It would be nice if such messages included a link to the CVE website (http://www.cve.mitre.org/). (I do not subscribe to debian-security.) Carl Witty -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Greetings, Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze: -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 puh - synchronised with the realese 2.4.26 and no warnings of bugtraq or fd... Good work. I imagine that everything is fixed in 2.4.26. Does someone know if 2.4.26 is a bugfix pre-release? I'm getting a little bit confused right know, if there are serious issue with the kernel, why wasn't there any earlier release of 2.4.26? Refering to the large number of fixed vuln, might an earlier release of single patches has been an option? Or did you watch fd to find the right time? Keep smiling yanosz
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
hi joey, the new packages on security.d.o are way to small (1meg vs. 8meg in the past), and seem to contain NO MODULES besides dummy.o . i fear upgerading woody will disconnect any network connections. please please review and pull that update. thanks, /felix. At 16:52 14.04.04 +0200, you wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq - -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update: CAN-2004-0003 A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this. CAN-2004-0178 Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction. These problems will also be fixed by upstream in Linux 2.4.26 and future versions of 2.6. The following security matrix explains which kernel versions for which architecture are already fixed. Kernel images in the unstable Debian distribution (sid) will be fixed soon. Architecturestable (woody) unstable (sid)removed in sid source 2.4.18-14.32.4.25-3 -- alpha 2.4.18-15 soon -- i3862.4.18-13 soon -- i386bf 2.4.18-5woody8 soon -- powerpc 2.4.18-1woody5 2.4.25-8 2.4.22 We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18-14.3.dsc Size/MD5 checksum: 664 a9d96cc8553c3a9085bad09e071c5814 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18-14.3.diff.gz Size/MD5 checksum:70724 4de077af92c196a6af7797d1ceea4004 http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-s ource-2.4.18_2.4.18.orig.tar.gz Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/k ernel-image-2.4.18-1-alpha_2.4.18-15.dsc Size/MD5 checksum: 876 453a2a47eb3c6b748e75e0cb65bdd6bb http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/k ernel-image-2.4.18-1-alpha_2.4.18-15.tar.gz Size/MD5 checksum:24922 f822e7999659ddcfd53dee73894afdc1 http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/ke rnel-image-2.4.18-1-i386_2.4.18-13.dsc Size/MD5 checksum: 1327 d37593f6e47c2b9809530eb54deeae3e http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/ke
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote: Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 It seems that at least the kernel-image-2.4.18-1-k7-package lacks all modules! Please check before updating, you will probably break your system. [snipp] http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb Size/MD5 checksum: 1154342 152aca9d4a2d7014a9834c239d754d0e # md5sum /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb 152aca9d4a2d7014a9834c239d754d0e /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb # dpkg -L kernel-image-2.4.18-1-k7 /. /boot /boot/config-2.4.18-1-k7 /boot/vmlinuz-2.4.18-1-k7 /boot/System.map-2.4.18-1-k7 /usr /usr/share /usr/share/doc /usr/share/doc/kernel-image-2.4.18-1-k7 /usr/share/doc/kernel-image-2.4.18-1-k7/Changes.gz /usr/share/doc/kernel-image-2.4.18-1-k7/copyright /usr/share/doc/kernel-image-2.4.18-1-k7/changelog.gz /usr/share/doc/kernel-image-2.4.18-1-k7/LiloDefault.gz /usr/share/doc/kernel-image-2.4.18-1-k7/Buildinfo /usr/share/doc/kernel-image-2.4.18-1-k7/debian.README.gz /usr/share/doc/kernel-image-2.4.18-1-k7/conf.vars.gz /usr/share/doc/kernel-image-2.4.18-1-k7/README.Debian.1st.gz /lib /lib/modules /lib/modules/2.4.18-1-k7 /lib/modules/2.4.18-1-k7/kernel /lib/modules/2.4.18-1-k7/kernel/drivers /lib/modules/2.4.18-1-k7/kernel/drivers/net /lib/modules/2.4.18-1-k7/kernel/drivers/net/dummy.o /lib/modules/2.4.18-1-k7/modules.dep /lib/modules/2.4.18-1-k7/modules.generic_string /lib/modules/2.4.18-1-k7/modules.pcimap /lib/modules/2.4.18-1-k7/modules.isapnpmap /lib/modules/2.4.18-1-k7/modules.usbmap /lib/modules/2.4.18-1-k7/modules.parportmap /lib/modules/2.4.18-1-k7/modules.ieee1394map /lib/modules/2.4.18-1-k7/modules.pnpbiosmap # dpkg --status kernel-image-2.4.18-1-k7 Package: kernel-image-2.4.18-1-k7 Status: install ok installed Priority: optional Section: base Installed-Size: 1708 Maintainer: Herbert Xu [EMAIL PROTECTED] Source: kernel-image-2.4.18-1-i386 Version: 2.4.18-13 Provides: kernel-image, kernel-image-2.4 Depends: initrd-tools (= 0.1.21), fileutils (= 4.0), modutils (= 2.3.12) Suggests: lilo (= 19.1), fdutils, kernel-doc-2.4.18, kernel-pcmcia-modules-2.4.18-1-k7 | pcmcia-modules-2.4.18-1-k7 Description: Linux kernel image for version 2.4.18 on AMD K7 Greetings, Martin -- /¯¯¯\ | PGP-Key 0x43D23ABE available via www.de.pgp.net, see header for fpr | | Uptime: 3 days, 22 hours, 57 minutes and 32 seconds (Linux 2.4.18) | \___/
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote: - -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq - -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 I installed the new 2.4.18-1-686 and only after a reboot I found out that /lib/modules contains just one .o file, net/dummy.o. I had the source on disk, and had no problems rebuilding, but I found it a anyoing hour spent. Did I catch a stray error, or are that package serioususly broken? Cheers from Norway, Rune Nordbøe Skillingstad -- «I came out of it dead broke, without a house, without anything except a girlfriend and a knowledge of Unix.» «Well, that's something. Normally those two are mutually exclusive» - Neal Stephenson, Cryptonomicon signature.asc Description: This is a digitally signed message part
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Hello Martin Schulze, am Mittwoch, 14. April 2004 um 16:52 schrieben Sie: MS -- MS Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] MS ... MS -- MS Package: kernel-source-2.4.18 MS kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 MS kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc MS ... MS http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13_i386.deb MS Size/MD5 checksum: 1154358 a6e7db160b30f90711be11260128a6bb And it crashes my system. The Kernel is just 1.1 MB - too small to run! Please recognize. Sincerly Henning Bredenkötter
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Jan Lühr [EMAIL PROTECTED] writes: Greetings, Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze: -- Debian Security Advisory DSA 479-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze April 14th, 2004http://www.debian.org/security/faq -- Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc Vulnerability : several vulnerabilities Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178 puh - synchronised with the realese 2.4.26 and no warnings of bugtraq or fd... Good work. I imagine that everything is fixed in 2.4.26. Does someone know if 2.4.26 is a bugfix pre-release? I'm getting a little bit confused right know, if there are serious issue with the kernel, why wasn't there any earlier release of 2.4.26? Okay... This is the result of a cursory check, do your homework, yada, yada... CAN-2004-0003 According to the patch in http://www.uwsg.iu.edu/hypermail/linux/kernel/0403.1/0360.html 2.4.26 contains the fix. CAN-2004-0010 I don't use ncpfs, and I do not care. I could not find anything about this either CAN-2004-0109 The patch in [EMAIL PROTECTED] is in 2.4.26. CAN-2004-0177 A diff of fs/ext3 between 2.4.25 and 2.4.26 yields nothing. The same for JBD yields: --- linux-2.4.25/fs/jbd/journal.c Wed Feb 18 05:36:31 2004 +++ linux-2.4.26/fs/jbd/journal.c Wed Apr 14 06:05:40 2004 @@ -671,6 +671,7 @@ bh = getblk(journal-j_dev, blocknr, journal-j_blocksize); lock_buffer(bh); + memset(bh-b_data, 0, journal-j_blocksize); BUFFER_TRACE(bh, return this buffer); return journal_add_journal_head(bh); } And the changelog mentions: Theodore Y. T'so: o zerout JBD journal descriptor blocks So I think that's it: the fix CAN-2004-0177 is in the kernel. CAN-2004-0178 A diff of drivers/sound between 2.4.25 and 2.4.26 yields some new PCI ids for i810_audio.c as well as: --- linux-2.4.25/drivers/sound/sb_audio.c Mon Feb 25 11:38:06 2002 +++ linux-2.4.26/drivers/sound/sb_audio.c Wed Apr 14 06:05:32 2004 @@ -879,7 +879,7 @@ c -= locallen; p += locallen; } /* used = ( samples * 16 bits size ) */ - *used = len 1; + *used = max_in ( max_out 1) ? (max_out 1) : max_in; /* returned = ( samples * 8 bits size ) */ *returned = len; } That must be it. The snippet appeared in pre3, the changelog says: andikies:t-online.de: o sb16 sample size fix And the Debian advisory mentions Andi Kies. SUMMARY Except for CAN-2004-0010 (ncpfs), 2.4.26 contains all the security fixes from DSA 479-1. Phil.
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Greetings,.. Am Mittwoch, 14. April 2004 20:57 schrieben Sie: Jan Lühr [EMAIL PROTECTED] writes: Greetings, Okay... This is the result of a cursory check, do your homework, yada, yada... Thanks for doing so ;) Anyway, this wasn't the intetention of my post. My point is, that five local root exploits at once are a little bit scary, as far as there are no patch- days for debian ;). So I'd like to know, which of them might have been fixed earlier. It's just my interest to track the linux-sec-efforts from my point of view. Keep smiling yanosz
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
If you checked the reference CVE numbers you should be able to tell when the exposure first occurred (or close to it). On Wed, 14 Apr 2004 at 04:30:16PM -0400, Jan L?hr wrote: Greetings,.. Am Mittwoch, 14. April 2004 20:57 schrieben Sie: Jan L?hr [EMAIL PROTECTED] writes: Greetings, Okay... This is the result of a cursory check, do your homework, yada, yada... Thanks for doing so ;) Anyway, this wasn't the intetention of my post. My point is, that five local root exploits at once are a little bit scary, as far as there are no patch- days for debian ;). So I'd like to know, which of them might have been fixed earlier. It's just my interest to track the linux-sec-efforts from my point of view. Keep smiling yanosz -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Jan Lühr [EMAIL PROTECTED] writes: Greetings,.. Am Mittwoch, 14. April 2004 20:57 schrieben Sie: Jan Lühr [EMAIL PROTECTED] writes: Greetings, Okay... This is the result of a cursory check, do your homework, yada, yada... Thanks for doing so ;) Anyway, this wasn't the intetention of my post. My point is, that five local root exploits at once are a little bit scary, as far as there are no patch- days for debian ;). Actually: CAN-2004-0003 (the R128 DRI bounds checking bug) is a potential local root exploit; CAN-2004-0010 (ncpfs) might be remotely exploitable; CAN-2004-0109 (isofs) is is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium; CAN-2004-0177 (ext3) is an information leak that cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information; CAN-2004-0178 (soundblaster) can only result in a DOS. So that's not as bad as you make it sound. Phil.
Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote: Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures. The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update: It would be nice if such messages included a link to the CVE website (http://www.cve.mitre.org/). (I do not subscribe to debian-security.) Carl Witty