Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: General :: cssa0320.txt

OpenLinux: kernel kmod/ptrace root exploit




______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: kernel kmod/ptrace root exploit
Advisory number: 	CSSA-2003-020.0
Issue date: 		2003 May 09
Cross reference:
______________________________________________________________________________


1. Problem Description

	The kernel module loader in the Linux kernel allows local users
	to gain root privileges by using ptrace to attach to a child
	process that is spawned by the kernel.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to linux-kernel-binary-2.4.13-21S.i386.rpm
					prior to linux-kernel-include-2.4.13-21S.i386.rpm
					prior to linux-source-UserMode-2.4.13-21S.i386.rpm
					prior to linux-source-alpha-2.4.13-21S.i386.rpm
					prior to linux-source-arm-2.4.13-21S.i386.rpm
					prior to linux-source-common-2.4.13-21S.i386.rpm
					prior to linux-source-cris-2.4.13-21S.i386.rpm
					prior to linux-source-i386-2.4.13-21S.i386.rpm
					prior to linux-source-ia64-2.4.13-21S.i386.rpm
					prior to linux-source-m68k-2.4.13-21S.i386.rpm
					prior to linux-source-mips-2.4.13-21S.i386.rpm
					prior to linux-source-parisc-2.4.13-21S.i386.rpm
					prior to linux-source-ppc-2.4.13-21S.i386.rpm
					prior to linux-source-s390-2.4.13-21S.i386.rpm
					prior to linux-source-sparc-2.4.13-21S.i386.rpm
					prior to linux-source-superH-2.4.13-21S.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to linux-kernel-binary-2.4.13-21D.i386.rpm
					prior to linux-kernel-include-2.4.13-21D.i386.rpm
					prior to linux-source-UserMode-2.4.13-21D.i386.rpm
					prior to linux-source-alpha-2.4.13-21D.i386.rpm
					prior to linux-source-arm-2.4.13-21D.i386.rpm
					prior to linux-source-common-2.4.13-21D.i386.rpm
					prior to linux-source-cris-2.4.13-21D.i386.rpm
					prior to linux-source-i386-2.4.13-21D.i386.rpm
					prior to linux-source-ia64-2.4.13-21D.i386.rpm
					prior to linux-source-m68k-2.4.13-21D.i386.rpm
					prior to linux-source-mips-2.4.13-21D.i386.rpm
					prior to linux-source-parisc-2.4.13-21D.i386.rpm
					prior to linux-source-ppc-2.4.13-21D.i386.rpm
					prior to linux-source-s390-2.4.13-21D.i386.rpm
					prior to linux-source-sparc-2.4.13-21D.i386.rpm
					prior to linux-source-superH-2.4.13-21D.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/RPMS

	4.2 Packages

	41748cdaf8d1809822b131c0c2c7b90a	linux-kernel-binary-2.4.13-21S.i386.rpm
	acaaf0982bd6ad7c945c3a463164b56c	linux-kernel-include-2.4.13-21S.i386.rpm
	588b015160d3c7e6ca649986de74d923	linux-source-UserMode-2.4.13-21S.i386.rpm
	f5dbb77015b314909a5242e58a3ac7b9	linux-source-alpha-2.4.13-21S.i386.rpm
	7f2472b4958d8b268d87525b29eefeaf	linux-source-arm-2.4.13-21S.i386.rpm
	80a201cbcb343a3ea565b045f882e1ce	linux-source-common-2.4.13-21S.i386.rpm
	dba74ba0f87828c6f82a98642986e271	linux-source-cris-2.4.13-21S.i386.rpm
	dd3048b40b323b96335efe17309fb5f3	linux-source-i386-2.4.13-21S.i386.rpm
	869c0409318d7a01264c7a7a42b8c51d	linux-source-ia64-2.4.13-21S.i386.rpm
	7341a22a39014c8a642a91c1cad50a29	linux-source-m68k-2.4.13-21S.i386.rpm
	e580fc559de6f8788112cce694e58784	linux-source-mips-2.4.13-21S.i386.rpm
	d2417933a143e47027d0bf00d7d4e96e	linux-source-parisc-2.4.13-21S.i386.rpm
	917579c9a6520dfb8791821d3e773181	linux-source-ppc-2.4.13-21S.i386.rpm
	d154580aea946574447b733e7ca09fcb	linux-source-s390-2.4.13-21S.i386.rpm
	247d115a3ecc81e93af2ae883dcf19ed	linux-source-sparc-2.4.13-21S.i386.rpm
	b5d1ecd0828b87d2a05b0d8044e29ab7	linux-source-superH-2.4.13-21S.i386.rpm

	4.3 Installation

	rpm -Fvh linux-kernel-binary-2.4.13-21S.i386.rpm
	rpm -Fvh linux-kernel-include-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-UserMode-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-alpha-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-arm-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-common-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-cris-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-i386-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-ia64-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-m68k-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-mips-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-parisc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-ppc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-s390-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-sparc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-superH-2.4.13-21S.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/SRPMS

	4.5 Source Packages

	ddc96e148b473b86b63927b489f55404	linux-2.4.13-21S.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/RPMS

	5.2 Packages

	bd5364e5bf524dbd080e2a734afb47e2	linux-kernel-binary-2.4.13-21D.i386.rpm
	c7eb0c054673c38181336556b5bc6d96	linux-kernel-include-2.4.13-21D.i386.rpm
	d8ccf3ed3e5e0851b1d398a5143d4cb9	linux-source-UserMode-2.4.13-21D.i386.rpm
	53b4dcb71df1b2390ced22b62deed9ea	linux-source-alpha-2.4.13-21D.i386.rpm
	0e2f96279a30492ffca3e521449a4771	linux-source-arm-2.4.13-21D.i386.rpm
	011bcb383ea9badb519435874173d529	linux-source-common-2.4.13-21D.i386.rpm
	876483cc7a9448f2a06e11d8337ad201	linux-source-cris-2.4.13-21D.i386.rpm
	d89779ea77adf5a8e9f2efb999ae7ce4	linux-source-i386-2.4.13-21D.i386.rpm
	49cf9327d4826ca35d22f84788249abd	linux-source-ia64-2.4.13-21D.i386.rpm
	61a0979d2280ac6ab999ffe64f3b5caf	linux-source-m68k-2.4.13-21D.i386.rpm
	eb3018d64118f872485ed2bc342e7203	linux-source-mips-2.4.13-21D.i386.rpm
	7b2b03d3864637b0635e7d57c2a72610	linux-source-parisc-2.4.13-21D.i386.rpm
	14148ea7fbcfa4e001919a2caf409384	linux-source-ppc-2.4.13-21D.i386.rpm
	e8336b89d29093a7d9e3e8d09d1e2b30	linux-source-s390-2.4.13-21D.i386.rpm
	00908c06084007713bbcc03aa1ee8233	linux-source-sparc-2.4.13-21D.i386.rpm
	4c45777444c8ca91249b757c3984582e	linux-source-superH-2.4.13-21D.i386.rpm

	5.3 Installation

	rpm -Fvh linux-kernel-binary-2.4.13-21D.i386.rpm
	rpm -Fvh linux-kernel-include-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-UserMode-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-alpha-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-arm-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-common-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-cris-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-i386-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-ia64-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-m68k-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-mips-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-parisc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-ppc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-s390-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-sparc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-superH-2.4.13-21D.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/SRPMS

	5.5 Source Packages

	73cad7e5db287a962de14109fa126354	linux-2.4.13-21D.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876055, fz527562,
	erg712269, sr876810, fz527692, erg712288.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Andrzej Szombierski <qq@kuku.eu.org> discovered and researched
	this vulnerability.

______________________________________________________________________________

--RASg3xLB4tUQ4RcS
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6/47UACgkQbluZssSXDTHTpwCfZ3K2gjTEbUgw0XyZHzzqlGI7
kmgAn3ZWnYy54NBSJ88yYjIU/52c4wTl
=KEvs
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH