LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 2.2 kernel denial of service vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux The kernel in Red Hat Linux 6.2 and 7 is vulnerable to a local denial of service attack.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New kernel 2.2 packages fix local denial of service issue
Advisory ID:       RHSA-2002:264-05
Issue date:        2002-09-23
Updated on:        2002-11-25
Product:           Red Hat Linux
Keywords:          bugtraq DoS
Cross references:  
Obsoletes:         RHSA-2002:210
---------------------------------------------------------------------

1. Topic:

The kernel in Red Hat Linux 6.2 and 7 is vulnerable to
a local denial of service attack.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, i586, i686
Red Hat Linux 7.0 - i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.
A vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the
vulnerability.  

Note: This bug is specific to the x86 architecture kernels only, and does
not affect other architectures.

All users of Red Hat Linux 6.2 and 7 should upgrade to
these errata packages, which are not vulnerable to this issue.

Thanks go to Christopher Devine for reporting the vulnerability on bugtraq,
and Petr Vandrovec for being the first to supply a fix to the community.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied. 

The procedure for upgrading the kernel is documented at:
 
http://www.Red Hat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network.  Many
people find this to be an easier way to apply updates.  To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm

i386: 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm

i586: 
ftp://updates.Red Hat.com/6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm

i686: 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-utils-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-doc-2.2.22-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-source-2.2.22-7.0.3.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.0/en/os/i586/kernel-smp-2.2.22-7.0.3.i586.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i586/kernel-2.2.22-7.0.3.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.3.i686.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-smp-2.2.22-7.0.3.i686.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-2.2.22-7.0.3.i686.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
8c93dac15cbb3162f4cde7c0c0de5643 6.2/en/os/SRPMS/kernel-2.2.22-6.2.3.src.rpm
a9b510b4ffca3e7bf643a46f99ee749f 6.2/en/os/i386/kernel-2.2.22-6.2.3.i386.rpm
5c08d5ac6ffebde931cc924914bf4f10 6.2/en/os/i386/kernel-BOOT-2.2.22-6.2.3.i386.rpm
d417601fb70f93e159a10cf5a9e6e21b 6.2/en/os/i386/kernel-doc-2.2.22-6.2.3.i386.rpm
436d4c050116d0feb910bd93307797f2 6.2/en/os/i386/kernel-headers-2.2.22-6.2.3.i386.rpm
9c55348902c8a8f307be174c4602f59d 6.2/en/os/i386/kernel-ibcs-2.2.22-6.2.3.i386.rpm
6d37e0e877ba6c7d812b56ab3019260e 6.2/en/os/i386/kernel-pcmcia-cs-2.2.22-6.2.3.i386.rpm
36d0b2a93762e0f4f758bcd93e034312 6.2/en/os/i386/kernel-smp-2.2.22-6.2.3.i386.rpm
d8d77e393802a68aebf80e292522e16b 6.2/en/os/i386/kernel-source-2.2.22-6.2.3.i386.rpm
c8d46df81889868d1faff01fca32b284 6.2/en/os/i386/kernel-utils-2.2.22-6.2.3.i386.rpm
cd23cad52c4cda6b5f07480cdf21ed3b 6.2/en/os/i586/kernel-2.2.22-6.2.3.i586.rpm
53a7a0043e0d31b144fd61bdaf11e187 6.2/en/os/i586/kernel-smp-2.2.22-6.2.3.i586.rpm
93f87f2b9cfec1fd06529b6a28939d75 6.2/en/os/i686/kernel-2.2.22-6.2.3.i686.rpm
c4fd6d256c39ebc4ea00806b5ab3d56a 6.2/en/os/i686/kernel-enterprise-2.2.22-6.2.3.i686.rpm
ff2017bb51f4d19572fde3f451d09dd1 6.2/en/os/i686/kernel-smp-2.2.22-6.2.3.i686.rpm
f82a5596f9b243dec8742963756c11ce 7.0/en/os/SRPMS/kernel-2.2.22-7.0.3.src.rpm
ba432d1cde8294af402b86270b496d3b 7.0/en/os/i386/kernel-2.2.22-7.0.3.i386.rpm
63e83e11ea93f22f4640914b14defc64 7.0/en/os/i386/kernel-BOOT-2.2.22-7.0.3.i386.rpm
c11cc524a48dada56206b02f0c8a9425 7.0/en/os/i386/kernel-doc-2.2.22-7.0.3.i386.rpm
d5c4579a9db0a2d8e8288b8a539dbfea 7.0/en/os/i386/kernel-ibcs-2.2.22-7.0.3.i386.rpm
cf201e8b3441f9a01799b89a8c748d0e 7.0/en/os/i386/kernel-pcmcia-cs-2.2.22-7.0.3.i386.rpm
1fc8a3891a20c03062eb8c369a62bfce 7.0/en/os/i386/kernel-smp-2.2.22-7.0.3.i386.rpm
554eba6533979171920db4c933e8f0eb 7.0/en/os/i386/kernel-source-2.2.22-7.0.3.i386.rpm
3d42a527d8c3193d48e559f86a2ac710 7.0/en/os/i386/kernel-utils-2.2.22-7.0.3.i386.rpm
d73578bf7c208e6e11b8f3d71dd5292f 7.0/en/os/i586/kernel-2.2.22-7.0.3.i586.rpm
a528f8c13f296c12f063227606ffd7ff 7.0/en/os/i586/kernel-smp-2.2.22-7.0.3.i586.rpm
b58bd6b9bd450fe76270f2187d740fea 7.0/en/os/i686/kernel-2.2.22-7.0.3.i686.rpm
ca1fc2c95dd8e63a23507514889b9a8b 7.0/en/os/i686/kernel-enterprise-2.2.22-7.0.3.i686.rpm
70d3da3e911ae417338701537044530d 7.0/en/os/i686/kernel-smp-2.2.22-7.0.3.i686.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at  http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


7. References:
 
http://www.kernel.org/pub/linux/kernel/v2.2/ChangeLog-2.2.22

8. Contact:

The Red Hat security contact is <security@Red Hat.com>.  More contact
details at  http://www.Red Hat.com/solutions/security/news/contact.html

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.