Debians sikkerhedsbulletin

DSA-047-1 kernel -- adskillige sikkerhedsproblemer

Rapporteret den:
16. apr 2001
Berørte pakker:
various kernel packages
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 2529.
I Mitres CVE-ordbog: CVE-2001-1390, CVE-2001-1391, CVE-2001-1392, CVE-2001-1393, CVE-2001-1394, CVE-2001-1395, CVE-2001-1396, CVE-2001-1397, CVE-2001-1398, CVE-2001-1399, CVE-2001-1400.
Yderligere oplysninger:
Man har opdaget at kernerne som anvendes i Debian GNU/Linux 2.2 har adskillige sikkerhedsproblemer. Dette er en liste over problemer, baseret på frigivelsesbemærkningenre til version 2.2.19, fundet på http://www.linux.org.uk/:
  • binfmt_misc anvendte brugersider direkte
  • CPIA-styreprogrammet indeholdt en 1-offset-fejl i buffer-koden, der gjorde det muligt for brugere at skrive i kernens hukommelse
  • CPUID- og MSR-styreprogrammerne har et problem i koden der fjerner et module fra hukommelsen, hvilket kunne få systemet til at gå ned hvis de var sat op til automatisk at blive indlæst og fjernet (bemærk at Debian ikke automatisk fjerner kerne-moduler fra hukommelsen)
  • Der var en mulig fejl i klassificeringskoden, der kunne få den til at hænge.
  • Systemkaldene getsockopt og setsockopt håndterede ikke signalbits korrekt, hvilket muliggjorde lokale overbelastningsangreb ("Denial of Service") og andre angreb.
  • Systemkaldet sysctl håndterede ikke signalbits korrekt, hvilket gav en bruger mulighed for at skrive i kernens hukommelse.
  • Dyster mellem ptrace og exec kunne give en lokal bruger ekstra rettigheder.
  • Muligt misbrug af et grænsetilfælde i sockfilter-koden.
  • Delt hukommelseskoden i SYSV kunne overskrive frigivet hukommelse, hvilket kunne give problemer.
  • Pakkelængdekontrollerne i masquerading-koden var lidt for afslappet (formenlig ikke så den kunne misbruges).
  • Nogle x86-assemblerfejl forsagede et forkert antal bytes blev kopieret.
  • En lokal bruger kunne få kernen til at gå i en "deadlock" på grund af fejl i UDP-portallokeringen.

Alle disse problemer er rettet i 2.2.19-kernen og vi anbefaler kraftigt at du opgraderer dine maskiner til at køre med denne kerne.

Bemærk at kerne-opdateringerne ikke foretages automatisk. Du skal eksplicit fortælle pakkesystemet at det skal installere en kerne passende til dit system.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.diff.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.tar.gz
http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.dsc
http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.tar.gz
Arkitekturuafhængig komponent:
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-doc-2.2.19_2.2.19-2_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-source-2.2.19_2.2.19-2_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-headers-2.2.19-sparc_6_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-arm_20010414_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-m68k_2.2.19-2_all.deb
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-powerpc_2.2.19-2_all.deb
ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/kernel-image-2.2.19-riscpc_20010414_arm.deb
Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-headers-2.2.19_2.2.19-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-generic_2.2.19-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-jensen_2.2.19-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-nautilus_2.2.19-1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-smp_2.2.19-1_alpha.deb
Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-headers-2.2.19_2.2.19-2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-amiga_2.2.19-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-atari_2.2.19-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-bvme6000_2.2.19-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mac_2.2.19-2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme147_2.2.19-1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme16x_2.2.19-1_m68k.deb
Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-compact_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-ide_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-idepci_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-compact_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-ide_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-idepci_2.2.19-2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19_2.2.19-2_i386.deb
PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-headers-2.2.19_2.2.19-2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-chrp_2.2.19-2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-pmac_2.2.19-2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-prep_2.2.19-2_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4cdm_6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-pci_6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-smp_6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u-smp_6_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u_6_sparc.deb