__________________________________________________________

              The U.S. Department of Energy
          Computer Incident Advisory Capability
__________________________________________________________

                  INFORMATION BULLETIN

                 Kernel Security Update
               [Red Hat RHSA-2008:0129-5]

February 12, 2008 19:00 GMT                                        Number S-171
______________________________________________________________________________
PROBLEM:       A flaw was found in vmsplice. An unprivileged local user could
               use this flaw to gain root privileges.
PLATFORM:      Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
DAMAGE:        A local user could get root privileges.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An unprivileged local user could use this
ASSESSMENT:    flaw to gain root privileges. A public exploit for this issue
               is available.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-171.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2008-0129.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
______________________________________________________________________________
[***** Start Red Hat RHSA-2008:0129-5 *****]

Important: kernel security update

Advisory:           RHSA-2008:0129-5
Type:               Security Advisory
Severity:           Important
Issued on:          2008-02-12
Last updated on:    2008-02-12
Affected Products:  Red Hat Enterprise Linux (v. 5 server)
                    Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL:               com.redhat.rhsa-20080129.xml
CVEs (cve.mitre.org): CVE-2008-0600

Details

Updated kernel packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A flaw was found in vmsplice. An unprivileged local user could use this flaw to gain root privileges. (CVE-2008-0600)

Red Hat is aware that a public exploit for this issue is available.

This issue did not affect the Linux kernels distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Bugs fixed (see bugzilla for more information)

432251 - CVE-2008-0600 kernel vmsplice_to_pipe flaw

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
http://www.redhat.com/security/updates/classification/#important
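
As an added example (not part of the Red Hat or CIAC text), the script below classifies a `uname -r` string against the kernel build this erratum ships, 2.6.18-53.1.13.el5. The function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat's or CIAC's code): flag RHEL 5 kernels older than
# the build shipped by RHSA-2008:0129.
FIXED_BUILD="2.6.18-53.1.13"   # from the advisory's kernel-2.6.18-53.1.13.el5 packages

# Compare two numeric versions whose fields are separated by "." or "-".
# Missing trailing fields count as 0. Prints lt, eq or gt.
vercmp() (
    a=$1 b=$2 r=eq
    while [ "$r" = eq ] && { [ -n "$a" ] || [ -n "$b" ]; }; do
        x=${a%%[.-]*} y=${b%%[.-]*}          # leading field of each side
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then r=lt
        elif [ "${x:-0}" -gt "${y:-0}" ]; then r=gt
        fi
    done
    echo "$r"
)

# Classify a `uname -r` style string: patched | needs-update | not-el5.
kernel_status() {
    case $1 in *.el5*) ;; *) echo not-el5; return 0 ;; esac
    build=${1%%.el5*}                        # drop ".el5" and any PAE/xen suffix
    case $build in ''|*[!0-9.-]*) echo not-el5; return 0 ;; esac
    if [ "$(vercmp "$build" "$FIXED_BUILD")" = lt ]; then
        echo needs-update
    else
        echo patched
    fi
}

# Constructed sample release strings, then the running kernel.
for rel in 2.6.18-53.el5 2.6.18-53.1.4.el5PAE 2.6.18-53.1.13.el5xen "$(uname -r)"; do
    printf '%-28s %s\n' "$rel" "$(kernel_status "$rel")"
done
```

Check the running kernel rather than only the RPM database: an installed update does not take effect until the host has booted into the new kernel.
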

--------------------------------------------------------------------------------

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2008:0129-5 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC.

The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-161: Livelink ECM UTF-7 Vulnerability
S-162: Mozilla Products Vulnerabilities
S-163: Simple DirectMedia Layer 1.2 Vulnerabilities
S-164: Tk Vulnerability
S-165: Yahoo! Music Jukebox YMP Datagrid ActiveX Vulnerabilities
S-166: phpBB2 Vulnerabilities
S-167: Linux-2.6 Vulnerabilities
S-168: net-snmp Vulnerability
S-169: Squid Vulnerability
S-170: KAME Project IPv6 IPComp Vulnerability