Debian Security Advisory
DSA-047-1 kernel -- multiple security problems
- Date reported:
- 16 Apr 2001
- Affected packages:
- various kernel packages
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 2529.
In Mitre's CVE dictionary: CVE-2001-1390, CVE-2001-1391, CVE-2001-1392, CVE-2001-1393, CVE-2001-1394, CVE-2001-1395, CVE-2001-1396, CVE-2001-1397, CVE-2001-1398, CVE-2001-1399, CVE-2001-1400.
- More information:
-
The kernels used in Debian GNU/Linux 2.2 have been found to have
multiple security problems. This is a list of problems, based on
the 2.2.19 release notes as found on
http://www.linux.org.uk/:
- binfmt_misc used user pages directly
- The CPIA driver had an off-by-one error in the buffer code, which made it possible for users to write into kernel memory
- The CPUID and MSR drivers had a problem in the module unloading code, which could cause a system crash if they were set up to be loaded and unloaded automatically (note that Debian does not automatically unload kernel modules)
- There was a possible bug in the classifier code that could cause it to hang.
- The getsockopt and setsockopt system calls did not handle sign bits correctly, which made local denial-of-service attacks and other attacks possible.
- The sysctl system call did not handle sign bits correctly, which allowed a user to write into kernel memory.
- Races between ptrace and exec could give a local user extra privileges.
- Possible abuse of a boundary case in the sockfilter code.
- The SYSV shared memory code could overwrite freed memory, which could cause problems.
- The packet length checks in the masquerading code were a bit too lax (probably not exploitable).
- Some x86 assembly bugs caused the wrong number of bytes to be copied.
- A local user could deadlock the kernel due to bugs in the UDP port allocation.
All of these problems are fixed in the 2.2.19 kernel, and we strongly recommend that you upgrade your machines to run this kernel.
Note that kernel upgrades are not done automatically. You must explicitly tell the packaging system to install a kernel appropriate for your system.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.dsc
- http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.tar.gz
- Architecture-independent component:
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-doc-2.2.19_2.2.19-2_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-source-2.2.19_2.2.19-2_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-headers-2.2.19-sparc_6_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-arm_20010414_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-m68k_2.2.19-2_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-powerpc_2.2.19-2_all.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/kernel-image-2.2.19-riscpc_20010414_arm.deb
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-headers-2.2.19_2.2.19-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-generic_2.2.19-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-jensen_2.2.19-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-nautilus_2.2.19-1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-smp_2.2.19-1_alpha.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-headers-2.2.19_2.2.19-2_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-amiga_2.2.19-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-atari_2.2.19-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-bvme6000_2.2.19-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mac_2.2.19-2_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme147_2.2.19-1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme16x_2.2.19-1_m68k.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-compact_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-ide_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-idepci_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-compact_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-ide_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-idepci_2.2.19-2_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19_2.2.19-2_i386.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-headers-2.2.19_2.2.19-2_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-chrp_2.2.19-2_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-pmac_2.2.19-2_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-prep_2.2.19-2_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4cdm_6_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-pci_6_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-smp_6_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u-smp_6_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u_6_sparc.deb