1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
- -------------------------------------------------------------------------- |
6 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-02 |
7 |
- -------------------------------------------------------------------------- |
8 |
|
9 |
GLSA: 200312-02 |
10 |
package: kernel |
11 |
summary: A flaw in the do_brk() function of Linux kernel 2.4.22 |
12 |
and earlier can be exploited by local users or malicious |
13 |
services to gain root privileges. |
14 |
severity: high |
15 |
Gentoo bug: 34844 |
16 |
date: 2003-12-04 |
17 |
CVE: CAN-2003-0961 |
18 |
exploit: local |
19 |
affected: <2.4.22 |
20 |
fixed: >=2.4.23 |
21 |
fixed: >=2.4.22+patches |
22 |
|
23 |
|
24 |
DESCRIPTION: |
25 |
|
26 |
Lack of proper bounds checking exists in the do_brk() kernel function in |
27 |
Linux kernels prior to 2.4.23. This bug can be used to give a userland |
28 |
program or malicious service access to the full kernel address space and |
29 |
gain root privileges. This issue is known to be exploitable. |
30 |
|
31 |
All kernel ebuilds in Portage have been bumped or patched and do not contain |
32 |
this vulnerability. The following is a list of recommended kernels. |
33 |
|
34 |
aa-sources-2.4.23_pre6-r3 |
35 |
ck-sources-2.4.22-r3 |
36 |
gentoo-sources-2.4.20-r9 |
37 |
gentoo-sources-2.4.22-r1 |
38 |
grsec-sources-2.4.22.1.9.12-r1 |
39 |
grsec-sources-2.4.22.2.0_rc3-r1 |
40 |
gs-sources-2.4.23_pre8-r1 |
41 |
hardened-sources-2.4.22-r1 |
42 |
hardened-sources-2.4.22-r1 |
43 |
ia64-sources-2.4.22-r1 |
44 |
mips-sources-2.4.22-r4 |
45 |
mips-sources-2.4.22-r5 |
46 |
openmosix-sources-2.4.22-r1 |
47 |
ppc-sources-2.4.22-r3 |
48 |
ppc-sources-benh-2.4.20-r9 |
49 |
ppc-sources-benh-2.4.21-r2 |
50 |
ppc-sources-benh-2.4.22-r3 |
51 |
ppc-sources-crypto-2.4.20-r1 |
52 |
selinux-sources-2.4.21-r5 |
53 |
sparc-sources-2.4.23 |
54 |
usermode-sources-2.4.22-r1 |
55 |
wolk-sources-4.10_pre7-r1 |
56 |
wolk-sources-4.9-r2 |
57 |
xfs-sources-2.4.20-r4 |
58 |
|
59 |
|
60 |
SOLUTION: |
61 |
|
62 |
It is recommended that all Gentoo Linux users upgrade their machines to use |
63 |
a kernel from the list above. |
64 |
|
65 |
emerge sync |
66 |
emerge -pv [your preferred kernel sources] |
67 |
emerge [your preferred kernel sources] |
68 |
[update the /usr/src/linux symlink] |
69 |
[compile and install your new kernel] |
70 |
[emerge any necessary kernel module ebuilds] |
71 |
[reboot] |
72 |
|
73 |
|
74 |
// end |
75 |
|
76 |
-----BEGIN PGP SIGNATURE----- |
77 |
Version: GnuPG v1.2.3 (Darwin) |
78 |
|
79 |
iD8DBQE/z5Wynt0v0zAqOHYRAujmAKCsOXthCcWiGvTWThjozzsjlW4q3gCdGqLI |
80 |
FWseBXkoN6qBg6u30yPVCLw= |
81 |
=V/8J |
82 |
-----END PGP SIGNATURE----- |