__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

Red Hat New Kernel Fixes Local Security Issues
[Red Hat Security Advisory RHSA-2002:206-13]

May 14, 2003 18:00 GMT                                    Number N-096
[REVISED May 15, 2003]
______________________________________________________________________________
PROBLEM:    Red Hat has released updates to fix vulnerabilities in the
            Linux kernel. The vulnerabilities were found in the ixj
            telephony card driver, the pcilynx firewire driver, and the
            bttv video capture card driver. Also, a number of bugs have
            been fixed in the IDE tapestreamer driver.
PLATFORM:   Red Hat Linux 7.3
            Red Hat Linux 8.0
DAMAGE:     Exploiting any of these vulnerabilities could allow a local
            user to obtain elevated (root) privileges.
SOLUTION:   Apply patches as stated in Red Hat's bulletin.
______________________________________________________________________________
VULNERABILITY ASSESSMENT:
            The risk is MEDIUM. A security code audit of the 2.4 kernel
            found a number of possible local security vulnerabilities.
            All Red Hat Linux 7.3 and 8.0 users should upgrade to this
            errata kernel, which is not vulnerable to these security
            issues.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-096.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2002-206.html
______________________________________________________________________________
REVISION HISTORY:
 5/15/03 - updated package information with "File Outdated..." statements.

[***** Start Red Hat Security Advisory RHSA-2002:206-13 *****]

New kernel fixes local security issues

Advisory:           RHSA-2002:206-13
Last updated on:    2003-05-14
Affected Products:  Red Hat Linux 7.3
                    Red Hat Linux 8.0

Security Advisory

Details:

Updated kernel fixes local security issues and provides several updated
drivers to support newer hardware and fix bugs under Red Hat Linux 7.3.

[Update 8 May 2003]
Added missing modutils-devel packages for Red Hat Linux 7.3

The Linux kernel handles the basic functions of the operating system. A
security code audit of the 2.4 kernel found a number of possible local
security vulnerabilities which could allow a local user to obtain elevated
(root) privileges. The vulnerabilities were found in the ixj telephony card
driver, the pcilynx firewire driver, and the bttv video capture card driver.

In addition, several drivers (e100, e1000, tg3n and IDE) have been updated
to support newer hardware for Red Hat Linux 7.3, and a number of bugs have
been fixed in the IDE tapestreamer driver.

All Red Hat Linux 7.3 and 8.0 users should upgrade to this errata kernel,
which is not vulnerable to these security issues.

NOTE: As with the 8.0 release, IDE DMA on CD-ROM drives is disabled by
default. If you are sure that your CD-ROM drive is capable of IDE DMA,
place the following line in the /etc/modules.conf file:

    options ide-cd dma=1

Thanks to Silvio Cesare for finding the local security issues.

Updated packages:

Red Hat Linux 7.3

 SRPMS:
   hwdata-0.14.1-1.src.rpm
   kernel-2.4.18-17.7.x.src.rpm           File outdated by: RHSA-2003:172
   modutils-2.4.18-3.7x.src.rpm
 athlon:
   kernel-2.4.18-17.7.x.athlon.rpm        File outdated by: RHSA-2003:172
   kernel-smp-2.4.18-17.7.x.athlon.rpm    File outdated by: RHSA-2003:172
 i386:
   kernel-2.4.18-17.7.x.i386.rpm          File outdated by: RHSA-2003:172
   kernel-BOOT-2.4.18-17.7.x.i386.rpm     File outdated by: RHSA-2003:172
   kernel-doc-2.4.18-17.7.x.i386.rpm      File outdated by: RHSA-2003:172
   kernel-source-2.4.18-17.7.x.i386.rpm   File outdated by: RHSA-2003:172
   modutils-2.4.18-3.7x.i386.rpm
   modutils-devel-2.4.18-3.7x.i386.rpm
 i586:
   kernel-2.4.18-17.7.x.i586.rpm          File outdated by: RHSA-2003:172
   kernel-smp-2.4.18-17.7.x.i586.rpm      File outdated by: RHSA-2003:172
 i686:
   kernel-2.4.18-17.7.x.i686.rpm          File outdated by: RHSA-2003:172
   kernel-bigmem-2.4.18-17.7.x.i686.rpm   File outdated by: RHSA-2003:172
   kernel-debug-2.4.18-17.7.x.i686.rpm    File outdated by: RHSA-2003:098
   kernel-smp-2.4.18-17.7.x.i686.rpm      File outdated by: RHSA-2003:172
 noarch:
   hwdata-0.14.1-1.noarch.rpm

Red Hat Linux 8.0

 SRPMS:
   hwdata-0.48-1.src.rpm
   kernel-2.4.18-17.8.0.src.rpm           File outdated by: RHSA-2003:172
 athlon:
   kernel-2.4.18-17.8.0.athlon.rpm        File outdated by: RHSA-2003:172
   kernel-smp-2.4.18-17.8.0.athlon.rpm    File outdated by: RHSA-2003:172
 i386:
   kernel-2.4.18-17.8.0.i386.rpm          File outdated by: RHSA-2003:172
   kernel-BOOT-2.4.18-17.8.0.i386.rpm     File outdated by: RHSA-2003:172
   kernel-doc-2.4.18-17.8.0.i386.rpm      File outdated by: RHSA-2003:172
   kernel-source-2.4.18-17.8.0.i386.rpm   File outdated by: RHSA-2003:172
 i586:
   kernel-2.4.18-17.8.0.i586.rpm          File outdated by: RHSA-2003:172
   kernel-smp-2.4.18-17.8.0.i586.rpm      File outdated by: RHSA-2003:172
 i686:
   kernel-2.4.18-17.8.0.i686.rpm          File outdated by: RHSA-2003:172
   kernel-bigmem-2.4.18-17.8.0.i686.rpm   File outdated by: RHSA-2003:172
   kernel-debug-2.4.18-17.8.0.i686.rpm    File outdated by: RHSA-2003:098
   kernel-smp-2.4.18-17.8.0.i686.rpm      File outdated by: RHSA-2003:172
 noarch:
   hwdata-0.48-1.noarch.rpm

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel manually is documented at:

    http://www.redhat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Note that you need to select the kernel explicitly on default
configurations of up2date.

Bugs fixed: (see bugzilla for more information)

 71622 - cs4232 module is not auto-loaded on use
 73339 - apm locks up Asus A7N266VM (nForce chipset)
 74589 - speedstep doesn't work on IBM ThinkPad T30 (pentium 4)
 74879 - aha152x driver broken
 75107 - boot time in /proc/stat is incorrect
 75113 - /proc/uptime shows wrong uptime (slightly) and idle time (totally)

References:

 http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.18

The listed packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/solutions/security/news/publickey/#key

You can verify each package and see who signed it with the following
command:

    rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum filename

The Red Hat security contact is security@redhat.com. More contact details
at http://www.redhat.com/solutions/security/news/contact.html

Copyright © 2002 Red Hat, Inc. All rights reserved.

[***** End Red Hat Security Advisory RHSA-2002:206-13 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can
be contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be
obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for
the accuracy, completeness, or usefulness of any information, apparatus,
product, or process disclosed, or represents that its use would not
infringe privately owned rights. Reference herein to any specific
commercial products, process, or service by trade name, trademark,
manufacturer, or otherwise, does not necessarily constitute or imply its
endorsement, recommendation or favoring by the United States Government or
the University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-086: HP Tru64 UNIX Software Installation and Update Utilities Vulnerability
N-087: Microsoft Cumulative Patch for BizTalk Server
N-088: Hewlett-Packard rexec Command Security Vulnerability
N-089: Red Hat MySQL Vulnerabilities
N-090: Red Hat mod_auth_any Vulnerabilities
N-091: Sun Cobalt PHP SafeMode Vulnerability
N-092: Microsoft Flaw in Windows Media Player Skins
N-093: Cisco VPN 3000 Concentrator Vulnerabilities
N-094: HP Potential Security Vulnerability in wall(1M)
N-095: Red Hat Multiple Vulnerabilities in KDE
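
The md5sum step from the Red Hat advisory above, applied to a whole download directory, as an added example that is not part of the bulletin or Red Hat's tooling. It assumes a listing of `<filename> <md5>` pairs; `verify_listing`, `demo` and the `*-example.rpm` files are constructed names, and the check covers corruption only, leaving signer identity to `rpm --checksig -v`.

```shell
#!/bin/sh
# Added example (not from the advisory): check files against a listing of
# "<filename> <md5>" pairs (assumed layout; `md5sum -c` reads the reverse).

# verify_listing DIR LISTING -> prints OK / MISMATCH / MISSING / REJECTED per
# entry and returns 0 only if every listed file is present and matches.
verify_listing() {
    dir=$1; listing=$2; rc=0
    while read -r name expected _; do
        case $name in ''|'#'*) continue ;; esac          # blank line or comment
        case $name in
            */*) echo "REJECTED $name"; rc=1; continue ;; # never leave DIR
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$listing"
    return "$rc"
}

# Constructed demo: stand-in files (not real packages); one is altered after
# the listing is written and one listed file is never downloaded.
demo() {
    d=$(mktemp -d) || return 2
    printf 'kernel payload\n' > "$d/kernel-example.rpm"
    printf 'hwdata payload\n' > "$d/hwdata-example.rpm"
    for f in kernel-example.rpm hwdata-example.rpm; do
        printf '%s %s\n' "$f" "$(md5sum < "$d/$f" | cut -d' ' -f1)"
    done > "$d/listing.txt"
    printf '%s %s\n' modutils-example.rpm 00000000000000000000000000000000 >> "$d/listing.txt"
    printf 'altered\n' >> "$d/hwdata-example.rpm"
    verify_listing "$d" "$d/listing.txt"; st=$?
    rm -rf "$d"
    return "$st"
}

demo || echo "listing did not verify cleanly"
```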