Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Red Hat/Fedora :: ciacl045.htm

Red Hat Linux 'sysctl, ptrace, & mxcsr P4 ' Vulnerability

Red Hat Linux 'sysctl, ptrace, & mxcsr P4 ' Vulnerability Privacy and Legal Notice


L-045: Red Hat Linux 'sysctl, ptrace, & mxcsr P4 ' Vulnerability

February 12, 2001 19:00 GMT

PROBLEM: Security vulnerabilities exist in the kernel routines "sysctl, ptrace, and mxcsr P4" which allow privilege escalation and the capability to affect system operation.
PLATFORM: Red Hat Linux 6.x - alpha, i386, i586, i686, sparc,sparc64
Red Hat Linux 7.0 - alpha, i386, i586, i686
DAMAGE: A local user can use the 'ptrace' and sysctl' vulnerabilities to compromise the root account. The 'mxcsr P4' vulnerability allows a user with shell access the capability of halting the CPU. This would create a Denial of Service (DoS) to other users on the system.
SOLUTION: All users are advised to upgrade to kernel-2.2.17-14. Follow the directions listed in the advisory. There are also updated drivers available for the new kernel in new RPM updates.

The risk is MEDIUM for these vulnerabilities. The exploits can only be accomplished from a local user account.

[******  Begin Red Hat Advisory ******]

                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Three security holes fixed in new kernel
Advisory ID:       RHSA-2001:013-05
Issue date:        2001-02-08
Updated on:        2001-02-08
Product:           Red Hat Linux
Keywords:          sysctl ptrace mxcsr P4
Cross references:

1. Topic: 

Three security holes fixed in new kernel, and several other
updates and bug fixes have been applied as well.

2. Relevant releases/architectures: 

Red Hat Linux 6.x - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

3. Problem description: 

Three security holes have been fixed in the kernel.  One involves
ptrace, another involves sysctl, and the last is specific to some
Intel CPUs.  All three security holes involve local access only
(they do not provide a hole to remote attackers without a local
account).  The ptrace and sysctl bugs provide local users with the
potential to compromise the root account.  Neither has an active
exploit available at the time of this writing.  The last security
hole is a DOS (Denial Of Service) that does not provide access to
the root account but does allow any user with shell access the
ability to halt the CPU.

All users are strongly recommended to upgrade.

In addition to the security fixes, these kernels contain more
advanced support for the Intel Pentium 4 processors, as well as
a number of driver updates.  These updates include e100, sis900,
cs46xx, qla1x160, qla2x00, ServeRAID, and ipvs.

In addition, a number of other bugs have been fixed.  Most notably,
the RAW I/O facility could corrupt data under certain usage patterns.

4. Solution: 

Upgrade to kernel-2.2.17-14

The procedure for upgrading the kernel is documented at:

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

5. Bug IDs fixed ( for more info): 

24737 - make oldconfig on SMP Alphas
21514 - problem with module sis900.o
21654 - PANIC: failed to set gid

6. RPMs required: 

Red Hat Linux 6.x:








Red Hat Linux 7.0:






7. Verification: 

MD5 sum                           Package Name
0fbeeba0bdcb5b7d97928726d81a48d5  6.2/SRPMS/kernel-2.2.17-14.src.rpm
94a66e9957b5f6183cd2048c37d627e6  6.2/alpha/kernel-2.2.17-14.alpha.rpm
4c2de8af30a1f0e7a5df3e0c327ce012  6.2/alpha/kernel-BOOT-2.2.17-14.alpha.rpm
bf44ed30edb776903e362203ed7c790d  6.2/alpha/kernel-doc-2.2.17-14.alpha.rpm
ae5cda1426dac598d372da0412ec3396 6.2/alpha/kernel-enterprise-2.2.17-14.alpha.rpm
1555c9e448523f168ba37423c912d96f  6.2/alpha/kernel-headers-2.2.16-3.alpha.rpm
12bffd53a573138c5f307d5debc7032b  6.2/alpha/kernel-smp-2.2.17-14.alpha.rpm
accd11c1a755f9ddbccaa3b78868c22d  6.2/alpha/kernel-source-2.2.17-14.alpha.rpm
28c6d9fb21ad9000ae4014a32c8b7ee0  6.2/alpha/kernel-utils-2.2.17-14.alpha.rpm
b32465d6af49869d91165754c4f417b2  6.2/i386/kernel-2.2.17-14.i386.rpm
e684d42f07694423d2ca7545dd941607  6.2/i386/kernel-BOOT-2.2.17-14.i386.rpm
458aacd81c6901c5b12e2694d61cef51  6.2/i386/kernel-doc-2.2.17-14.i386.rpm
cb7f09603ffde7c618ebfe25bf137994  6.2/i386/kernel-headers-2.2.16-3.i386.rpm
1dd67a1bdd6828fc5e68a01ce0941680  6.2/i386/kernel-ibcs-2.2.17-14.i386.rpm
5e68fbca7e26bc9007563f33f5faab7a  6.2/i386/kernel-pcmcia-cs-2.2.17-14.i386.rpm
1a7c5b4577a1e9cf279814ed8671bc33  6.2/i386/kernel-smp-2.2.17-14.i386.rpm
7b8467c5be0d394e40b426260f401735  6.2/i386/kernel-source-2.2.17-14.i386.rpm
d0a17158357d0825da13565114301a26  6.2/i386/kernel-utils-2.2.17-14.i386.rpm
9345ff97a923baf3d3f9b5898115407c  6.2/i586/kernel-2.2.17-14.i586.rpm
1a2e9c58b1287d59a02a2302c67d25ee  6.2/i586/kernel-smp-2.2.17-14.i586.rpm
e76faf7322d2cb16db6d68a4f26d0615  6.2/i686/kernel-2.2.17-14.i686.rpm
4d3838de0d64a73628a075cd31306ab5 6.2/i686/kernel-enterprise-2.2.17-14.i686.rpm
19a6315c05d73b612307c4083d84aa1f  6.2/i686/kernel-smp-2.2.17-14.i686.rpm
821850c50fc5bd4d4b12a70cd169c1a9  6.2/sparc/kernel-2.2.17-14.sparc.rpm
5afc4883572aa658aeb2b3f6e81795fe  6.2/sparc/kernel-BOOT-2.2.17-14.sparc.rpm
e64efcf1d5e1f3c89e019e74c2f807b3  6.2/sparc/kernel-doc-2.2.17-14.sparc.rpm
1fd07fb2a3e5fb195994d46c52a2e3f3 6.2/sparc/kernel-enterprise-2.2.17-14.sparc.rpm
28ef48469ef0d6979c3b6fdfff417a94  6.2/sparc/kernel-headers-2.2.16-3.sparc.rpm
74b02c35181f4c124948dc7857a812a7  6.2/sparc/kernel-smp-2.2.17-14.sparc.rpm
f29edc673e900e2e4b5b2dab4c936229  6.2/sparc/kernel-source-2.2.17-14.sparc.rpm
57d7bbf1a67c88bc045cc967acbaa835  6.2/sparc/kernel-utils-2.2.17-14.sparc.rpm
b966c86487d3b4363b0006d4967cc6f5  6.2/sparc64/kernel-2.2.17-14.sparc64.rpm
60785d7a36dda52e8309ee8db16bc507 6.2/sparc64/kernel-BOOT-2.2.17-14.sparc64.rpm
ec43d4f425cc694cb094f4bb4411718a 6.2/sparc64/kernel-enterprise-2.2.17-
4926009e503b50e479e4a91c33a40b6d  6.2/sparc64/kernel-smp-2.2.17-14.sparc64.rpm
ec73ecb5087782190aa87c6de38f1944  7.0/SRPMS/kernel-2.2.17-14.src.rpm
16836dc9b811aa920f27b9f4645c77d2  7.0/alpha/kernel-2.2.17-14.alpha.rpm
30805edc55754b6b5823c14adeadaed6  7.0/alpha/kernel-BOOT-2.2.17-14.alpha.rpm
4f4f52c13a014d9a3241ef65b097735b  7.0/alpha/kernel-doc-2.2.17-14.alpha.rpm
e51a30641955a2f1d74e7946cd1ec848 7.0/alpha/kernel-enterprise-2.2.17-14.alpha.rpm
cce161a3ca87b6a6fd913f0edfc1571e  7.0/alpha/kernel-smp-2.2.17-14.alpha.rpm
6416073893f16f2a4f665a05be9ec2e1  7.0/alpha/kernel-source-2.2.17-14.alpha.rpm
d1722cd0fbc15d45d5f0da21bc527b49  7.0/alpha/kernel-utils-2.2.17-14.alpha.rpm
c98c5a8f5cf6e2cd95498123d364254a  7.0/i386/kernel-2.2.17-14.i386.rpm
68eb1561679fa6a2591f24717b3b9b97  7.0/i386/kernel-BOOT-2.2.17-14.i386.rpm
50d5d81d798073ea9c16324ccda95921  7.0/i386/kernel-doc-2.2.17-14.i386.rpm
d7294666ff8f97a063f533100425ae83  7.0/i386/kernel-ibcs-2.2.17-14.i386.rpm
43885937a0b912dd56bb562f578f63a2  7.0/i386/kernel-pcmcia-cs-2.2.17-14.i386.rpm
0dcf34126e88dfbee8bd0f79a2e7089f  7.0/i386/kernel-smp-2.2.17-14.i386.rpm
f4d428e89aaa6a78c3714cc554f92ce5  7.0/i386/kernel-source-2.2.17-14.i386.rpm
c1c1adfec112d216e15a939a708c3c12  7.0/i386/kernel-utils-2.2.17-14.i386.rpm
89fa2189731d4053e966e7559ae525f1  7.0/i586/kernel-2.2.17-14.i586.rpm
adb2fd91b3283711ac25c719eb612058  7.0/i586/kernel-smp-2.2.17-14.i586.rpm
78db07ab97326c16586379f1a6cb95c6  7.0/i686/kernel-2.2.17-14.i686.rpm
b78434588b1dd4a184169a483fadfb77 7.0/i686/kernel-enterprise-2.2.17-14.i686.rpm
0cfa860325f25ef78e192beee8a66a3c  7.0/i686/kernel-smp-2.2.17-14.i686.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References: 

Thanks to Solar Designer for finding the sysctl bug, and
for the versions of the sysctl and ptrace patches we used.

Copyright(c) 2000, 2001 Red Hat, Inc.

[******  End Red Hat Advisory ******]

CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    World Wide Web:
                     (same machine -- either one will work)
    Anonymous FTP:
                     (same machine -- either one will work)

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
[Privacy and Legal Notice]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH