TUCoPS :: SCO :: bt1446.txt

Security Update: OpenLinux: kernel kmod/ptrace root exploit


This is a multi-part message in MIME format.

------=_NextPart_000_009C_01C39EE1.141422C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit


----- Original Message -----
From: <security@sco.com>
To: <bugtraq@securityfocus.com>; <announce@lists.caldera.com>;
<security-alerts@linuxsecurity.com>
Sent: Monday, May 12, 2003 10:11 AM
Subject: Security Update: [CSSA-2003-020.0] OpenLinux: kernel kmod/ptrace
root exploit

To: bugtraq@securityfocus.com announce@lists.caldera.com
security-alerts@linuxsecurity.com


____________________________________________________________________________
__

   SCO Security Advisory

Subject:  OpenLinux: kernel kmod/ptrace root exploit
Advisory number:  CSSA-2003-020.0
Issue date:   2003 May 09
Cross reference:
____________________________________________________________________________
__


1. Problem Description

 The kernel module loader in the Linux kernel allows local users
 to gain root privileges by using ptrace to attach to a child
 process that is spawned by the kernel.


2. Vulnerable Supported Versions

 System    Package
 ----------------------------------------------------------------------

 OpenLinux 3.1.1 Server  prior to linux-kernel-binary-2.4.13-21S.i386.rpm
     prior to linux-kernel-include-2.4.13-21S.i386.rpm
     prior to linux-source-UserMode-2.4.13-21S.i386.rpm
     prior to linux-source-alpha-2.4.13-21S.i386.rpm
     prior to linux-source-arm-2.4.13-21S.i386.rpm
     prior to linux-source-common-2.4.13-21S.i386.rpm
     prior to linux-source-cris-2.4.13-21S.i386.rpm
     prior to linux-source-i386-2.4.13-21S.i386.rpm
     prior to linux-source-ia64-2.4.13-21S.i386.rpm
     prior to linux-source-m68k-2.4.13-21S.i386.rpm
     prior to linux-source-mips-2.4.13-21S.i386.rpm
     prior to linux-source-parisc-2.4.13-21S.i386.rpm
     prior to linux-source-ppc-2.4.13-21S.i386.rpm
     prior to linux-source-s390-2.4.13-21S.i386.rpm
     prior to linux-source-sparc-2.4.13-21S.i386.rpm
     prior to linux-source-superH-2.4.13-21S.i386.rpm

 OpenLinux 3.1.1 Workstation prior to
linux-kernel-binary-2.4.13-21D.i386.rpm
     prior to linux-kernel-include-2.4.13-21D.i386.rpm
     prior to linux-source-UserMode-2.4.13-21D.i386.rpm
     prior to linux-source-alpha-2.4.13-21D.i386.rpm
     prior to linux-source-arm-2.4.13-21D.i386.rpm
     prior to linux-source-common-2.4.13-21D.i386.rpm
     prior to linux-source-cris-2.4.13-21D.i386.rpm
     prior to linux-source-i386-2.4.13-21D.i386.rpm
     prior to linux-source-ia64-2.4.13-21D.i386.rpm
     prior to linux-source-m68k-2.4.13-21D.i386.rpm
     prior to linux-source-mips-2.4.13-21D.i386.rpm
     prior to linux-source-parisc-2.4.13-21D.i386.rpm
     prior to linux-source-ppc-2.4.13-21D.i386.rpm
     prior to linux-source-s390-2.4.13-21D.i386.rpm
     prior to linux-source-sparc-2.4.13-21D.i386.rpm
     prior to linux-source-superH-2.4.13-21D.i386.rpm


3. Solution

 The proper solution is to install the latest packages. Many
 customers find it easier to use the Caldera System Updater, called
 cupdate (or kcupdate under the KDE environment), to update these
 packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

 4.1 Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/RPMS

 4.2 Packages

 41748cdaf8d1809822b131c0c2c7b90a linux-kernel-binary-2.4.13-21S.i386.rpm
 acaaf0982bd6ad7c945c3a463164b56c linux-kernel-include-2.4.13-21S.i386.rpm
 588b015160d3c7e6ca649986de74d923 linux-source-UserMode-2.4.13-21S.i386.rpm
 f5dbb77015b314909a5242e58a3ac7b9 linux-source-alpha-2.4.13-21S.i386.rpm
 7f2472b4958d8b268d87525b29eefeaf linux-source-arm-2.4.13-21S.i386.rpm
 80a201cbcb343a3ea565b045f882e1ce linux-source-common-2.4.13-21S.i386.rpm
 dba74ba0f87828c6f82a98642986e271 linux-source-cris-2.4.13-21S.i386.rpm
 dd3048b40b323b96335efe17309fb5f3 linux-source-i386-2.4.13-21S.i386.rpm
 869c0409318d7a01264c7a7a42b8c51d linux-source-ia64-2.4.13-21S.i386.rpm
 7341a22a39014c8a642a91c1cad50a29 linux-source-m68k-2.4.13-21S.i386.rpm
 e580fc559de6f8788112cce694e58784 linux-source-mips-2.4.13-21S.i386.rpm
 d2417933a143e47027d0bf00d7d4e96e linux-source-parisc-2.4.13-21S.i386.rpm
 917579c9a6520dfb8791821d3e773181 linux-source-ppc-2.4.13-21S.i386.rpm
 d154580aea946574447b733e7ca09fcb linux-source-s390-2.4.13-21S.i386.rpm
 247d115a3ecc81e93af2ae883dcf19ed linux-source-sparc-2.4.13-21S.i386.rpm
 b5d1ecd0828b87d2a05b0d8044e29ab7 linux-source-superH-2.4.13-21S.i386.rpm

 4.3 Installation

 rpm -Fvh linux-kernel-binary-2.4.13-21S.i386.rpm
 rpm -Fvh linux-kernel-include-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-UserMode-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-alpha-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-arm-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-common-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-cris-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-i386-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-ia64-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-m68k-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-mips-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-parisc-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-ppc-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-s390-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-sparc-2.4.13-21S.i386.rpm
 rpm -Fvh linux-source-superH-2.4.13-21S.i386.rpm

 4.4 Source Package Location

 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/SRPMS

 4.5 Source Packages

 ddc96e148b473b86b63927b489f55404 linux-2.4.13-21S.src.rpm


5. OpenLinux 3.1.1 Workstation

 5.1 Package Location


ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/RP
MS

 5.2 Packages

 bd5364e5bf524dbd080e2a734afb47e2 linux-kernel-binary-2.4.13-21D.i386.rpm
 c7eb0c054673c38181336556b5bc6d96 linux-kernel-include-2.4.13-21D.i386.rpm
 d8ccf3ed3e5e0851b1d398a5143d4cb9 linux-source-UserMode-2.4.13-21D.i386.rpm
 53b4dcb71df1b2390ced22b62deed9ea linux-source-alpha-2.4.13-21D.i386.rpm
 0e2f96279a30492ffca3e521449a4771 linux-source-arm-2.4.13-21D.i386.rpm
 011bcb383ea9badb519435874173d529 linux-source-common-2.4.13-21D.i386.rpm
 876483cc7a9448f2a06e11d8337ad201 linux-source-cris-2.4.13-21D.i386.rpm
 d89779ea77adf5a8e9f2efb999ae7ce4 linux-source-i386-2.4.13-21D.i386.rpm
 49cf9327d4826ca35d22f84788249abd linux-source-ia64-2.4.13-21D.i386.rpm
 61a0979d2280ac6ab999ffe64f3b5caf linux-source-m68k-2.4.13-21D.i386.rpm
 eb3018d64118f872485ed2bc342e7203 linux-source-mips-2.4.13-21D.i386.rpm
 7b2b03d3864637b0635e7d57c2a72610 linux-source-parisc-2.4.13-21D.i386.rpm
 14148ea7fbcfa4e001919a2caf409384 linux-source-ppc-2.4.13-21D.i386.rpm
 e8336b89d29093a7d9e3e8d09d1e2b30 linux-source-s390-2.4.13-21D.i386.rpm
 00908c06084007713bbcc03aa1ee8233 linux-source-sparc-2.4.13-21D.i386.rpm
 4c45777444c8ca91249b757c3984582e linux-source-superH-2.4.13-21D.i386.rpm

 5.3 Installation

 rpm -Fvh linux-kernel-binary-2.4.13-21D.i386.rpm
 rpm -Fvh linux-kernel-include-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-UserMode-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-alpha-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-arm-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-common-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-cris-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-i386-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-ia64-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-m68k-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-mips-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-parisc-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-ppc-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-s390-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-sparc-2.4.13-21D.i386.rpm
 rpm -Fvh linux-source-superH-2.4.13-21D.i386.rpm

 5.4 Source Package Location


ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/SR
PMS

 5.5 Source Packages

 73cad7e5db287a962de14109fa126354 linux-2.4.13-21D.src.rpm


6. References

 Specific references for this advisory:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127

 SCO security resources:

  http://www.sco.com/support/security/index.html

 This security fix closes SCO incidents sr876055, fz527562,
 erg712269, sr876810, fz527692, erg712288.


7. Disclaimer

 SCO is not responsible for the misuse of any of the information
 we provide on this website and/or through our security
 advisories. Our advisories are a service to our customers intended
 to promote secure installation and use of SCO products.


8. Acknowledgements

 Andrzej Szombierski <qq@kuku.eu.org> discovered and researched
 this vulnerability.

____________________________________________________________________________
__


------=_NextPart_000_009C_01C39EE1.141422C0
Content-Type: text/plain;
	name="ATT00146.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="ATT00146.txt"

To: bugtraq@securityfocus.com announce@lists.caldera.com =
security-alerts@linuxsecurity.com


_________________________________________________________________________=
_____

			SCO Security Advisory

Subject:		OpenLinux: kernel kmod/ptrace root exploit
Advisory number: 	CSSA-2003-020.0
Issue date: 		2003 May 09
Cross reference:
_________________________________________________________________________=
_____


1. Problem Description

	The kernel module loader in the Linux kernel allows local users
	to gain root privileges by using ptrace to attach to a child
	process that is spawned by the kernel.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to =
linux-kernel-binary-2.4.13-21S.i386.rpm
					prior to linux-kernel-include-2.4.13-21S.i386.rpm
					prior to linux-source-UserMode-2.4.13-21S.i386.rpm
					prior to linux-source-alpha-2.4.13-21S.i386.rpm
					prior to linux-source-arm-2.4.13-21S.i386.rpm
					prior to linux-source-common-2.4.13-21S.i386.rpm
					prior to linux-source-cris-2.4.13-21S.i386.rpm
					prior to linux-source-i386-2.4.13-21S.i386.rpm
					prior to linux-source-ia64-2.4.13-21S.i386.rpm
					prior to linux-source-m68k-2.4.13-21S.i386.rpm
					prior to linux-source-mips-2.4.13-21S.i386.rpm
					prior to linux-source-parisc-2.4.13-21S.i386.rpm
					prior to linux-source-ppc-2.4.13-21S.i386.rpm
					prior to linux-source-s390-2.4.13-21S.i386.rpm
					prior to linux-source-sparc-2.4.13-21S.i386.rpm
					prior to linux-source-superH-2.4.13-21S.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to =
linux-kernel-binary-2.4.13-21D.i386.rpm
					prior to linux-kernel-include-2.4.13-21D.i386.rpm
					prior to linux-source-UserMode-2.4.13-21D.i386.rpm
					prior to linux-source-alpha-2.4.13-21D.i386.rpm
					prior to linux-source-arm-2.4.13-21D.i386.rpm
					prior to linux-source-common-2.4.13-21D.i386.rpm
					prior to linux-source-cris-2.4.13-21D.i386.rpm
					prior to linux-source-i386-2.4.13-21D.i386.rpm
					prior to linux-source-ia64-2.4.13-21D.i386.rpm
					prior to linux-source-m68k-2.4.13-21D.i386.rpm
					prior to linux-source-mips-2.4.13-21D.i386.rpm
					prior to linux-source-parisc-2.4.13-21D.i386.rpm
					prior to linux-source-ppc-2.4.13-21D.i386.rpm
					prior to linux-source-s390-2.4.13-21D.i386.rpm
					prior to linux-source-sparc-2.4.13-21D.i386.rpm
					prior to linux-source-superH-2.4.13-21D.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	=
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/RPMS=


	4.2 Packages

	41748cdaf8d1809822b131c0c2c7b90a	=
linux-kernel-binary-2.4.13-21S.i386.rpm
	acaaf0982bd6ad7c945c3a463164b56c	=
linux-kernel-include-2.4.13-21S.i386.rpm
	588b015160d3c7e6ca649986de74d923	=
linux-source-UserMode-2.4.13-21S.i386.rpm
	f5dbb77015b314909a5242e58a3ac7b9	linux-source-alpha-2.4.13-21S.i386.rpm
	7f2472b4958d8b268d87525b29eefeaf	linux-source-arm-2.4.13-21S.i386.rpm
	80a201cbcb343a3ea565b045f882e1ce	=
linux-source-common-2.4.13-21S.i386.rpm
	dba74ba0f87828c6f82a98642986e271	linux-source-cris-2.4.13-21S.i386.rpm
	dd3048b40b323b96335efe17309fb5f3	linux-source-i386-2.4.13-21S.i386.rpm
	869c0409318d7a01264c7a7a42b8c51d	linux-source-ia64-2.4.13-21S.i386.rpm
	7341a22a39014c8a642a91c1cad50a29	linux-source-m68k-2.4.13-21S.i386.rpm
	e580fc559de6f8788112cce694e58784	linux-source-mips-2.4.13-21S.i386.rpm
	d2417933a143e47027d0bf00d7d4e96e	=
linux-source-parisc-2.4.13-21S.i386.rpm
	917579c9a6520dfb8791821d3e773181	linux-source-ppc-2.4.13-21S.i386.rpm
	d154580aea946574447b733e7ca09fcb	linux-source-s390-2.4.13-21S.i386.rpm
	247d115a3ecc81e93af2ae883dcf19ed	linux-source-sparc-2.4.13-21S.i386.rpm
	b5d1ecd0828b87d2a05b0d8044e29ab7	=
linux-source-superH-2.4.13-21S.i386.rpm

	4.3 Installation

	rpm -Fvh linux-kernel-binary-2.4.13-21S.i386.rpm
	rpm -Fvh linux-kernel-include-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-UserMode-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-alpha-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-arm-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-common-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-cris-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-i386-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-ia64-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-m68k-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-mips-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-parisc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-ppc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-s390-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-sparc-2.4.13-21S.i386.rpm
	rpm -Fvh linux-source-superH-2.4.13-21S.i386.rpm

	4.4 Source Package Location

	=
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/SRPM=
S

	4.5 Source Packages

	ddc96e148b473b86b63927b489f55404	linux-2.4.13-21S.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	=
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0=
/RPMS

	5.2 Packages

	bd5364e5bf524dbd080e2a734afb47e2	=
linux-kernel-binary-2.4.13-21D.i386.rpm
	c7eb0c054673c38181336556b5bc6d96	=
linux-kernel-include-2.4.13-21D.i386.rpm
	d8ccf3ed3e5e0851b1d398a5143d4cb9	=
linux-source-UserMode-2.4.13-21D.i386.rpm
	53b4dcb71df1b2390ced22b62deed9ea	linux-source-alpha-2.4.13-21D.i386.rpm
	0e2f96279a30492ffca3e521449a4771	linux-source-arm-2.4.13-21D.i386.rpm
	011bcb383ea9badb519435874173d529	=
linux-source-common-2.4.13-21D.i386.rpm
	876483cc7a9448f2a06e11d8337ad201	linux-source-cris-2.4.13-21D.i386.rpm
	d89779ea77adf5a8e9f2efb999ae7ce4	linux-source-i386-2.4.13-21D.i386.rpm
	49cf9327d4826ca35d22f84788249abd	linux-source-ia64-2.4.13-21D.i386.rpm
	61a0979d2280ac6ab999ffe64f3b5caf	linux-source-m68k-2.4.13-21D.i386.rpm
	eb3018d64118f872485ed2bc342e7203	linux-source-mips-2.4.13-21D.i386.rpm
	7b2b03d3864637b0635e7d57c2a72610	=
linux-source-parisc-2.4.13-21D.i386.rpm
	14148ea7fbcfa4e001919a2caf409384	linux-source-ppc-2.4.13-21D.i386.rpm
	e8336b89d29093a7d9e3e8d09d1e2b30	linux-source-s390-2.4.13-21D.i386.rpm
	00908c06084007713bbcc03aa1ee8233	linux-source-sparc-2.4.13-21D.i386.rpm
	4c45777444c8ca91249b757c3984582e	=
linux-source-superH-2.4.13-21D.i386.rpm

	5.3 Installation

	rpm -Fvh linux-kernel-binary-2.4.13-21D.i386.rpm
	rpm -Fvh linux-kernel-include-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-UserMode-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-alpha-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-arm-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-common-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-cris-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-i386-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-ia64-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-m68k-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-mips-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-parisc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-ppc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-s390-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-sparc-2.4.13-21D.i386.rpm
	rpm -Fvh linux-source-superH-2.4.13-21D.i386.rpm

	5.4 Source Package Location

	=
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0=
/SRPMS

	5.5 Source Packages

	73cad7e5db287a962de14109fa126354	linux-2.4.13-21D.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0127

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876055, fz527562,
	erg712269, sr876810, fz527692, erg712288.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Andrzej Szombierski <qq@kuku.eu.org> discovered and researched
	this vulnerability.

_________________________________________________________________________=
_____

------=_NextPart_000_009C_01C39EE1.141422C0
Content-Type: application/octet-stream;
	name="ATT00148.dat"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="ATT00148.dat"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6/47UACgkQbluZssSXDTHTpwCfZ3K2gjTEbUgw0XyZHzzqlGI7
kmgAn3ZWnYy54NBSJ88yYjIU/52c4wTl
=KEvs
-----END PGP SIGNATURE-----

------=_NextPart_000_009C_01C39EE1.141422C0--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH