Red Hat: 'kernel' vulnerability
Posted by LinuxSecurity.com Team   
RedHat Linux A local denial of service attack and root compromise of the kernel have been corrected, drivers have been updated, and NFS version 3 has been integrated.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Linux kernel 2.2.19 now available, provides security fixes, enhancements
Advisory ID:       RHSA-2001:047-03
Issue date:        2001-04-10
Updated on:        2001-04-10
Product:           Red Hat Linux
Keywords:          kernel 2.2.19 nfs e100 ptrace sysctl exec
Cross references:  
Obsoletes:         RHSA-2001:013
---------------------------------------------------------------------

1. Topic:

A local denial of service attack and root compromise of the kernel have
been corrected, drivers have been updated, and NFS version 3 has been
integrated.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64

Red Hat Linux 7.0 - alpha, i386, i586, i686

3. Problem description:

All Linux kernels prior to version 2.2.19 include possibilities for local
denial of service or root exploits by exercising race conditions between
the ptrace, exec, and/or suid system calls.  Additionally, the sysctl
system call included programming errors allowing a user to write to kernel
memory.  The 2.2.19 kernel fixes these problems.

Minor potential problems in the virtual memory and signal delivery
subsystems are also corrected.

Many drivers have been updated since the release of 2.2.17, our last
official kernel release, including but not limited to: 3c59x, AGP, CS46xx,
DAC960, EMU10K, Maestro 3, NE2000/PCI, Tulip, and various USB devices.  The
missing Intel E100 driver is now included.  A hang while booting on some
computers due inadvertent inclusion of a toshiba driver has been fixed.

Finally, support for NFS version 3 has been included, which has much
improved performance characteristics compared to earlier versions.  In
order to support this, new versions of nfs-utils and mount are required.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

The procedure for upgrading the kernel is documented at:
       
http://www.Red Hat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

34594 - ptrace/execve race condition still exists in kernel-2.2.17-14
34058 - ptrace race fixed in 2.2.17-14?
29947 - module e100 does not compile with kernel-source-2.2.17-14
29558 - Real Time Clock Driver v1.09
28881 - Updates to 2.2.17-14 provided, but no headers
27140 - ptrace bug is not fixed in kernel-2.2.17-14.i386.rpm
26993 - kernel 2.2.17-14 stalls at 'real time clock' until keypress
26985 - e100 driver in kernel 2.2.17-14
26809 - kernel-headers rpm is in newest kernel errata
18868 - Kernel-headers package un-buildable in kernel-2.2.16-22

6. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/nfs-utils-0.3.1-0.6.x.src.rpm 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/mount-2.10r-0.6.x.src.rpm 
ftp://updates.Red Hat.com/6.2/en/os/SRPMS/kernel-2.2.19-6.2.1.src.rpm

alpha: 
ftp://updates.Red Hat.com/6.2/en/os/alpha/nfs-utils-0.3.1-0.6.x.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/mount-2.10r-0.6.x.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/losetup-2.10r-0.6.x.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-doc-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-headers-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-smp-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-source-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-utils-2.2.19-6.2.1.alpha.rpm 
ftp://updates.Red Hat.com/6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.1.alpha.rpm

i386: 
ftp://updates.Red Hat.com/6.2/en/os/i386/nfs-utils-0.3.1-0.6.x.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/mount-2.10r-0.6.x.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/losetup-2.10r-0.6.x.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-doc-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-headers-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-smp-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-source-2.2.19-6.2.1.i386.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i386/kernel-utils-2.2.19-6.2.1.i386.rpm

i586: 
ftp://updates.Red Hat.com/6.2/en/os/i586/kernel-2.2.19-6.2.1.i586.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i586/kernel-smp-2.2.19-6.2.1.i586.rpm

i686: 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-2.2.19-6.2.1.i686.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-smp-2.2.19-6.2.1.i686.rpm 
ftp://updates.Red Hat.com/6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.1.i686.rpm

sparc: 
ftp://updates.Red Hat.com/6.2/en/os/sparc/nfs-utils-0.3.1-0.6.x.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/mount-2.10r-0.6.x.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/losetup-2.10r-0.6.x.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-doc-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-headers-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-smp-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-smp-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-source-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-utils-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.1.sparc.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.1.sparc.rpm

sparc64: 
ftp://updates.Red Hat.com/6.2/en/os/sparc64/kernel-2.2.19-6.2.1.sparc64.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.1.sparc64.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.1.sparc64.rpm 
ftp://updates.Red Hat.com/6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.1.sparc64.rpm

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/nfs-utils-0.3.1-6.src.rpm 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/mount-2.10r-5.src.rpm 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/kernel-2.2.19-7.0.1.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/nfs-utils-0.3.1-6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/mount-2.10r-5.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/losetup-2.10r-5.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-2.2.19-7.0.1.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.1.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-doc-2.2.19-7.0.1.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-smp-2.2.19-7.0.1.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-utils-2.2.19-7.0.1.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.1.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/nfs-utils-0.3.1-6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/mount-2.10r-5.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/losetup-2.10r-5.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-doc-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-smp-2.2.19-7.0.1.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/kernel-utils-2.2.19-7.0.1.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.0/en/os/i586/kernel-2.2.19-7.0.1.i586.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i586/kernel-smp-2.2.19-7.0.1.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-2.2.19-7.0.1.i686.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-smp-2.2.19-7.0.1.i686.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.1.i686.rpm



7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
9729752675f2c76c4298ccfac4531bca 6.2/en/os/SRPMS/kernel-2.2.19-6.2.1.src.rpm
4d5d3b10bb5aae79303680b3a2dc23fe 6.2/en/os/SRPMS/mount-2.10r-0.6.x.src.rpm
43df46d8d4682edd9afd53cedd4a105b 6.2/en/os/SRPMS/nfs-utils-0.3.1-0.6.x.src.rpm
9c8bd7130830f76662953c868b3b1d7f 6.2/en/os/alpha/kernel-2.2.19-6.2.1.alpha.rpm
6a61260a4c2fdc691ec6f36b5884dd76 6.2/en/os/alpha/kernel-BOOT-2.2.19-6.2.1.alpha.rpm
a8395d672036900b8b52f384f1f0cc02 6.2/en/os/alpha/kernel-doc-2.2.19-6.2.1.alpha.rpm
9d553e45359c370f6e540527abb1fbee 6.2/en/os/alpha/kernel-enterprise-2.2.19-6.2.1.alpha.rpm
1ab7f85124c0dd0df652b7bd12dc4b7b 6.2/en/os/alpha/kernel-headers-2.2.19-6.2.1.alpha.rpm
889f3c5b4d02e1d8920077d9353b5b2f 6.2/en/os/alpha/kernel-smp-2.2.19-6.2.1.alpha.rpm
327f1e5cb12338d89476754ffd5c2b64 6.2/en/os/alpha/kernel-source-2.2.19-6.2.1.alpha.rpm
a1da37a8f74eb9a0a397f12862037bf1 6.2/en/os/alpha/kernel-utils-2.2.19-6.2.1.alpha.rpm
f934e2ed5e69f30700742b245b8f5cc1 6.2/en/os/alpha/losetup-2.10r-0.6.x.alpha.rpm
e5246bee33116a2987d722d40c379419 6.2/en/os/alpha/mount-2.10r-0.6.x.alpha.rpm
9588a542f45132fbc2f644fddb073d9c 6.2/en/os/alpha/nfs-utils-0.3.1-0.6.x.alpha.rpm
f6a78f430283397d9c6b9f6d9a923d66 6.2/en/os/i386/kernel-2.2.19-6.2.1.i386.rpm
70337fa3b07c916664064bef414d85aa 6.2/en/os/i386/kernel-BOOT-2.2.19-6.2.1.i386.rpm
e4b6f490302442b34ee1250c71379c4b 6.2/en/os/i386/kernel-doc-2.2.19-6.2.1.i386.rpm
3c003514a86cfe744dad6bdb90289e9b 6.2/en/os/i386/kernel-headers-2.2.19-6.2.1.i386.rpm
69657566a775b9d74249ee52d1d077bb 6.2/en/os/i386/kernel-ibcs-2.2.19-6.2.1.i386.rpm
1116bb6918b8e676675b91d2d78e6259 6.2/en/os/i386/kernel-pcmcia-cs-2.2.19-6.2.1.i386.rpm
5ffad0970eb931d1b30d2b2d2e09536c 6.2/en/os/i386/kernel-smp-2.2.19-6.2.1.i386.rpm
459e8eee22ac4da02b5d99430a637316 6.2/en/os/i386/kernel-source-2.2.19-6.2.1.i386.rpm
3b22195bd22b3334a7040b06231fe961 6.2/en/os/i386/kernel-utils-2.2.19-6.2.1.i386.rpm
190d65d0f715a4972be8033859123f8f 6.2/en/os/i386/losetup-2.10r-0.6.x.i386.rpm
4e61f8189688ed32c04f21c2333a4c32 6.2/en/os/i386/mount-2.10r-0.6.x.i386.rpm
afc0bbcefaceedba24bf8fdc2c48f000 6.2/en/os/i386/nfs-utils-0.3.1-0.6.x.i386.rpm
5e596875e91ff7263cb8b7cab2443b56 6.2/en/os/i586/kernel-2.2.19-6.2.1.i586.rpm
77b7db2f9df20527753203d03bf8be52 6.2/en/os/i586/kernel-smp-2.2.19-6.2.1.i586.rpm
95e9cf4bafb93b4c5d890a7f2801583b 6.2/en/os/i686/kernel-2.2.19-6.2.1.i686.rpm
16e5774f9fb096aad32b07f13923155b 6.2/en/os/i686/kernel-enterprise-2.2.19-6.2.1.i686.rpm
6075978ab99ea8364c67102619cf7472 6.2/en/os/i686/kernel-smp-2.2.19-6.2.1.i686.rpm
138528e203fe949038287630ad2a448f 6.2/en/os/sparc/kernel-2.2.19-6.2.1.sparc.rpm
763bc1715fd3631f72dd6f1cf0667de6 6.2/en/os/sparc/kernel-BOOT-2.2.19-6.2.1.sparc.rpm
b767cf8c34a611a0de48efb25cbc5def 6.2/en/os/sparc/kernel-doc-2.2.19-6.2.1.sparc.rpm
857d9eecea315df8182a39b0c19d4cb8 6.2/en/os/sparc/kernel-enterprise-2.2.19-6.2.1.sparc.rpm
22385d9ca1aa269eae7d3bb570a24a4c 6.2/en/os/sparc/kernel-headers-2.2.19-6.2.1.sparc.rpm
84eb24e05c27f242a1f8a31038d7a816 6.2/en/os/sparc/kernel-smp-2.2.19-6.2.1.sparc.rpm
8753b1f69fe267021dcbf7bed0cd99e2 6.2/en/os/sparc/kernel-source-2.2.19-6.2.1.sparc.rpm
1b306ac4b3726c6f37d3af4a22de1dc6 6.2/en/os/sparc/kernel-utils-2.2.19-6.2.1.sparc.rpm
fe55af7e6d0f159f4d40f53721a77603 6.2/en/os/sparc/losetup-2.10r-0.6.x.sparc.rpm
3a2d41cd4efe75bc00808fb606a9f612 6.2/en/os/sparc/mount-2.10r-0.6.x.sparc.rpm
c6e3cf1da60384558a6a5c8678c9803e 6.2/en/os/sparc/nfs-utils-0.3.1-0.6.x.sparc.rpm
15323dfbb89e5ebcd0c53aa611b3d36a 6.2/en/os/sparc64/kernel-2.2.19-6.2.1.sparc64.rpm
19491b614cb39adf425489e491dc3bf4 6.2/en/os/sparc64/kernel-BOOT-2.2.19-6.2.1.sparc64.rpm
c771d675ace8244a3a80b979c90130a8 6.2/en/os/sparc64/kernel-enterprise-2.2.19-6.2.1.sparc64.rpm
c1d68c4e5d24c15955bccbb03281a31e 6.2/en/os/sparc64/kernel-smp-2.2.19-6.2.1.sparc64.rpm
49c5882c736d432fbe3d6384698f8e59 7.0/en/os/SRPMS/kernel-2.2.19-7.0.1.src.rpm
d346fe7b45b85186b476ab39471be5a8 7.0/en/os/SRPMS/mount-2.10r-5.src.rpm
03afd104017cf2a6397643e9802ec766 7.0/en/os/SRPMS/nfs-utils-0.3.1-6.src.rpm
2c03cd012d3457d508cdf7cbe939e865 7.0/en/os/alpha/kernel-2.2.19-7.0.1.alpha.rpm
738ae803fdc77569f198e90aebd8cc2f 7.0/en/os/alpha/kernel-BOOT-2.2.19-7.0.1.alpha.rpm
849e1d3ffacce4a6820b9b9c40476544 7.0/en/os/alpha/kernel-doc-2.2.19-7.0.1.alpha.rpm
d7d4d368519fe97ceb2a9553d6a00f29 7.0/en/os/alpha/kernel-enterprise-2.2.19-7.0.1.alpha.rpm
343ef27d5b09d5fd89318ab0acf7ffe8 7.0/en/os/alpha/kernel-smp-2.2.19-7.0.1.alpha.rpm
7cf711a308e17b11aaf1fde0d2a3b920 7.0/en/os/alpha/kernel-utils-2.2.19-7.0.1.alpha.rpm
be0a11d8699886483fc79a723a257254 7.0/en/os/alpha/losetup-2.10r-5.alpha.rpm
b11894cfc39fdea15c8887a3d2770c2f 7.0/en/os/alpha/mount-2.10r-5.alpha.rpm
8d6bcd37ed31bd8fef8616912cb32a79 7.0/en/os/alpha/nfs-utils-0.3.1-6.alpha.rpm
e84175178b41f81e41fb13034d8925b5 7.0/en/os/i386/kernel-2.2.19-7.0.1.i386.rpm
9f6e3380856b862ce3b1fe746842fef5 7.0/en/os/i386/kernel-BOOT-2.2.19-7.0.1.i386.rpm
dbb6b06840a607f9a84fac2ecd4a8cbd 7.0/en/os/i386/kernel-doc-2.2.19-7.0.1.i386.rpm
f1d8efc684a65d54f018285f92994732 7.0/en/os/i386/kernel-ibcs-2.2.19-7.0.1.i386.rpm
c4c87d58d22835616bfa8bdeb5fe6cf0 7.0/en/os/i386/kernel-pcmcia-cs-2.2.19-7.0.1.i386.rpm
09a1582c668907f6894ace23f0b141cc 7.0/en/os/i386/kernel-smp-2.2.19-7.0.1.i386.rpm
25c4682f6220ac3bda2664ba932e57ac 7.0/en/os/i386/kernel-utils-2.2.19-7.0.1.i386.rpm
e35a9f6237321f065cf024e615154424 7.0/en/os/i386/losetup-2.10r-5.i386.rpm
be34dad26b057520565f62ccfcaafd9a 7.0/en/os/i386/mount-2.10r-5.i386.rpm
d5be631b7c62b149f69712053c4117d3 7.0/en/os/i386/nfs-utils-0.3.1-6.i386.rpm
6977d626ba90dcb96f20d0f7512f57b3 7.0/en/os/i586/kernel-2.2.19-7.0.1.i586.rpm
42e6d74bfa3b51db2cb9d693f0ff2122 7.0/en/os/i586/kernel-smp-2.2.19-7.0.1.i586.rpm
e77d120fed671ba7b6a5a23abd9650f6 7.0/en/os/i686/kernel-2.2.19-7.0.1.i686.rpm
ea1dd9147b57d540febd183dc6d85ae2 7.0/en/os/i686/kernel-enterprise-2.2.19-7.0.1.i686.rpm
b6bee7b0ba8f98a365b2fcd36fa1fab0 7.0/en/os/i686/kernel-smp-2.2.19-7.0.1.i686.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
http://www.linux.org.uk/VERSION/relnotes.2219.html


Copyright(c) 2000, 2001 Red Hat, Inc.