Bug 34594
Summary: | ptrace/execve race condition still exists in kernel-2.2.17-14 | | |
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <kluka> |
Component: | kernel | Assignee: | Arjan van de Ven <arjanv> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | high | | |
Version: | 7.0 | CC: | abartlet, bishop, djschaap, jan.iven+rh, jarno.huuskonen, lionel.cons, milan.kerslager, pekkas, peter, plazonic, priyadi, valankar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | i386 | | |
OS: | Linux | | |
URL: | http://www.securityfocus.com/archive/1/173119 | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2001-04-17 07:43:27 UTC | Type: | --- |
Description
Need Real Name
2001-04-03 23:45:32 UTC
Kernel-2.2.19 changelog shows a lot of security related updates. See http://www.linux.org.uk/VERSION/relnotes.2219.html
Are you going to release an upgraded kernel errata?

Verified, the exploit works on RH 6.0 with kernel-2.2.16-3 (haven't gotten 2.2.17 in yet, but I imagine it'll work there also). This really should be priority high, I quite easily got a root drop on my own system. This is one any script-kiddie can exploit easily. Snippet of output (note /usr/local/bin/cvspwd is a suid utility I wrote for the CVS passwd server, I wanted to see if it would truly work with _any_ suid program):

$./epcs2 /usr/local/bin/cvspwd
bug exploited successfully.
enjoy!
bash#

Hey, what's going on here? Two days later and status is _still_ NEW. This is a _serious_ security issue here. Is anyone even looking into this bug? Could someone at least reply and say that you know it exists?

We know it exists. We're working on a fix, however this requires careful testing as not all fixes work properly.

Kernel 2.2.19 was said to fix this. It does not? Or may releasing of 2.2.19 cause some other problems?

There are A LOT of patches that red hat puts into their kernels. Additionally 2.2.19 brings some significant changes to MANY portions of the kernel (namely nfs client and server and native usb) - there is a lot to test.

Personally, I'd also like to see:
* ipv6
* lm_sensors stuff
built in by default on RHL62 too (the same code base will be used with RHL7, where they're built in). This would make a nice "put to bed" release for RHL62. There shouldn't be problems with these as they're both built as modules.

Tested with kernel 2.2.19:

$ ./epcs2 /usr/bin/passwd
ptrace: PTRACE_ATTACH: Operation not permitted
d0h! error!

Exploit doesn't work (a good thing). Note that this is just the straight kernel without all the RedHat patches. Also with a minimal selection of options enabled in the config.

Well, thankfully, the error's been PUBLISHED. That's excellent, as I'd be upset if every skript kiddie in the world didn't know how to do this. As an added bonus, my shell users should get a good kick out of this... many of them read sites that grab SF's data. http://www.securityfocus.com/advisories/3206

*** Bug 34058 has been marked as a duplicate of this bug. ***

As this exploit works on all kernels < 2.2.19 I would be glad if the fixed RPM will be available as soon as possible...

Huh, there was an advisory 10 days ago:
http://www.redhat.com/support/errata/RHSA-2001-047.html
ftp://updates.redhat.com/7.0/en/os/i386/*

Also I'm unable to download the kernel package with up2date even though I upgraded all components (up2date too) to their latest version (by up2date). The error message I received from up2date is:

There was a fatal error communicating with the server. The message was:
ERROR: File not found
INFO : Invalid RPM package requested: /var/up2date/packages/7.0/i386/kernel- 2.2.17-14.*.rpm
An error has occured while processing your request. If this problem persists please submit a bug report to rhn-help. If you choose to submit the bug report, please be sure to include details of what were you trying to do when this error occured and details on how to reproduce this problem.

My system is Red Hat 7.0 and I have kernel-2.2.17-14 package on my system.

up2date now works. Voilà. Thanx.