Debians sikkerhedsbulletin

DSA-047-1 kernel -- adskillige sikkerhedsproblemer

Rapporteret den:

16. apr 2001

Berørte pakker:

various kernel packages

Sårbar:

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 2529.
I Mitres CVE-ordbog: CVE-2001-1390, CVE-2001-1391, CVE-2001-1392, CVE-2001-1393, CVE-2001-1394, CVE-2001-1395, CVE-2001-1396, CVE-2001-1397, CVE-2001-1398, CVE-2001-1399, CVE-2001-1400.

Yderligere oplysninger:

Man har opdaget at kernerne som anvendes i Debian GNU/Linux 2.2 har adskillige sikkerhedsproblemer. Dette er en liste over problemer, baseret på frigivelsesbemærkningenre til version 2.2.19, fundet på http://www.linux.org.uk/:

binfmt_misc anvendte brugersider direkte
CPIA-styreprogrammet indeholdt en 1-offset-fejl i buffer-koden, der gjorde det muligt for brugere at skrive i kernens hukommelse
CPUID- og MSR-styreprogrammerne har et problem i koden der fjerner et module fra hukommelsen, hvilket kunne få systemet til at gå ned hvis de var sat op til automatisk at blive indlæst og fjernet (bemærk at Debian ikke automatisk fjerner kerne-moduler fra hukommelsen)
Der var en mulig fejl i klassificeringskoden, der kunne få den til at hænge.
Systemkaldene getsockopt og setsockopt håndterede ikke signalbits korrekt, hvilket muliggjorde lokale overbelastningsangreb ("Denial of Service") og andre angreb.
Systemkaldet sysctl håndterede ikke signalbits korrekt, hvilket gav en bruger mulighed for at skrive i kernens hukommelse.
Dyster mellem ptrace og exec kunne give en lokal bruger ekstra rettigheder.
Muligt misbrug af et grænsetilfælde i sockfilter-koden.
Delt hukommelseskoden i SYSV kunne overskrive frigivet hukommelse, hvilket kunne give problemer.
Pakkelængdekontrollerne i masquerading-koden var lidt for afslappet (formenlig ikke så den kunne misbruges).
Nogle x86-assemblerfejl forsagede et forkert antal bytes blev kopieret.
En lokal bruger kunne få kernen til at gå i en "deadlock" på grund af fejl i UDP-portallokeringen.

Alle disse problemer er rettet i 2.2.19-kernen og vi anbefaler kraftigt at du opgraderer dine maskiner til at køre med denne kerne.

Bemærk at kerne-opdateringerne ikke foretages automatisk. Du skal eksplicit fortælle pakkesystemet at det skal installere en kerne passende til dit system.

Rettet i:

Debian GNU/Linux 2.2 (potato)

Kildekode:: http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.diff.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19.orig.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.tar.gz; http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.dsc; http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/dists/stable/updates/main/binary-all/kernel-doc-2.2.19_2.2.19-2_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/kernel-source-2.2.19_2.2.19-2_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/kernel-headers-2.2.19-sparc_6_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-arm_20010414_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-m68k_2.2.19-2_all.deb; http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-powerpc_2.2.19-2_all.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/kernel-image-2.2.19-riscpc_20010414_arm.deb
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-headers-2.2.19_2.2.19-1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-generic_2.2.19-1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-jensen_2.2.19-1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-nautilus_2.2.19-1_alpha.deb; http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-smp_2.2.19-1_alpha.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-headers-2.2.19_2.2.19-2_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-amiga_2.2.19-1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-atari_2.2.19-1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-bvme6000_2.2.19-1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mac_2.2.19-2_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme147_2.2.19-1_m68k.deb; http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme16x_2.2.19-1_m68k.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-compact_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-ide_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-idepci_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-compact_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-ide_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-idepci_2.2.19-2_i386.deb; http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19_2.2.19-2_i386.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-headers-2.2.19_2.2.19-2_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-chrp_2.2.19-2_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-pmac_2.2.19-2_powerpc.deb; http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-prep_2.2.19-2_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4cdm_6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-pci_6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-smp_6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u-smp_6_sparc.deb; http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u_6_sparc.deb