[Sussex] Kernel Security Hole!

[Geoffrey Teale]

Chaps,

Apparantly Red Hat Network users had auto-patches for this first thing this 
morning.. so lets see how everyone else got on..

A security hole has been found in Linux kernels using PTrace, see the slashdot 
story linked below.  There are patches for 2.2.25 and 2.4.20-pre available.  
2.4.21 and 2.5.x are not vunerable.

http://slashdot.org/articles/03/03/18/199208.shtml?tid=106&tid=172

Note.  There are no known cases of this hole being used - it's just being 
open-source someone noticed it... Alan Cox's post is below:

========================
Ptrace hole / Linux 2.2.25

To: linux-kernel at vger.kernel.org
Subject: Ptrace hole / Linux 2.2.25
From: Alan Cox 
Date: Mon, 17 Mar 2003 11:04:35 -0500 (EST)
Sender: linux-kernel-owner at vger.kernel.org

-----------------------

Vulnerability: CAN-2003-0127

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
local users to obtain full privileges. Remote exploitation of this hole is
not possible. Linux 2.5 is not believed to be vulnerable.

Linux 2.2.25 has been released to correct Linux 2.2. It contains no other
changes. The bug fixes that would have been in 2.2.5pre1 will now appear in
2.2.26pre1. The patch will apply directly to most older 2.2 releases.

A patch for Linux 2.4.20/Linux 2.4.21pre is attached. The patch also
subtly changes the PR_SET_DUMPABLE prctl. We believe this is neccessary and
that it will not affect any software. The functionality change is specific
to unusual debugging situations.

We would like to thank Andrzej Szombierski who found the problem, and
wrote an initial patch. Seth Arnold cleaned up the 2.2 change. Arjan van
de Ven and Ben LaHaise identified additional problems with the original
fix.

Alan

 

-- 
GJT
tealeg at member.fsf.org
Free Software Foundation