RedHat: kernel 2.4 ehternet vulnerability
Posted by LinuxSecurity.com Team   
RedHat Linux Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated 2.4 kernel fixes various vulnerabilities
Advisory ID:       RHSA-2003:025-20
Issue date:        2003-01-24
Updated on:        2003-02-03
Product:           Red Hat Linux
Keywords:          ethernet frame padding O_DIRECT
Cross references:  
Obsoletes:         RHBA-2002:292
CVE Names:         CAN-2003-0001 CAN-2003-0018
---------------------------------------------------------------------

1. Topic:

Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available that fix an information leak from several ethernet drivers, and
a file system issue.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - athlon, i386, i586, i686
Red Hat Linux 7.2 - athlon, i386, i586, i686
Red Hat Linux 7.3 - athlon, i386, i586, i686
Red Hat Linux 8.0 - athlon, i386, i586, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system. 
Vulnerabilities have been found in version 2.4.18 of the kernel.  This
advisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0.  

Multiple ethernet Network Interface Card (NIC) device drivers do not pad
frames with null bytes, which allows remote attackers to obtain information
from previous packets or kernel memory by using malformed packets.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0001 to this issue.

A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and
later that can create a limited information leak where any user on the
system with write privileges to a file system can read information from
that file system (from previously deleted files), and can create minor file
system corruption (easily repaired by fsck).  Red Hat Linux in its default
configuration is not affected by this bug, because the ext3 file system
(the default file system in Red Hat Linux 7.2 and later) does not support
the O_DIRECT feature.  Of the kernels Red Hat has released, only the 2.4.18
kernels have this bug.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.

Users of the ext2 file system can migrate to the ext3 file system
using the tune2fs program as described in the white paper at 
http://www.Red Hat.com/support/wpapers/Red Hat/ext3/

All users of Red Hat Linux 7.1, 7.2, 7.3, and 8.0 should upgrade
to these errata packages, which contain patches to ethernet drivers to
remove the information leak and a patch to fix O_DIRECT handling.

In addition, the following drivers are upgraded to support newer hardware:
3c59x, e100, e1000, tg3

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied, especially the additional
packages from RHSA-2002:205 and RHSA-2002:206 respectively.

The procedure for upgrading the kernel manually is documented at:
 
http://www.Red Hat.com/support/docs/howto/kernel-upgrade/

Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

76159 - Errata kernel 2.4.18-17.8.0 fails PCI resource allocation

6. RPMs required:

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm

athlon: 
ftp://updates.Red Hat.com/7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm 
ftp://updates.Red Hat.com/7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm

athlon: 
ftp://updates.Red Hat.com/7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm 
ftp://updates.Red Hat.com/7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm

athlon: 
ftp://updates.Red Hat.com/7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm 
ftp://updates.Red Hat.com/7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm

i586: 
ftp://updates.Red Hat.com/7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm

i686: 
ftp://updates.Red Hat.com/7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm

Red Hat Linux 8.0:

SRPMS: 
ftp://updates.Red Hat.com/8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm

athlon: 
ftp://updates.Red Hat.com/8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm 
ftp://updates.Red Hat.com/8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm

i386: 
ftp://updates.Red Hat.com/8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm

i586: 
ftp://updates.Red Hat.com/8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm

i686: 
ftp://updates.Red Hat.com/8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm 
ftp://updates.Red Hat.com/8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
4d0a3a9f1bcdfec8a014c5666a4c4501 7.1/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
7179efeb266bba7aa633a01267e24e74 7.1/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
fcd9c11db5c7c02bd8ac16c12260c0e6 7.1/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
63f1217de153ff63217515e1b016da33 7.1/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm
03a071c1c7252869382d683b1ceefa9f 7.1/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm
18dd6648f9d77d3d266e584c7c2feca4 7.1/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm
040aafbd075ad5f4041fa086a8179c80 7.1/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm
0a6684bc40e9f9f06d934dd806e182b3 7.1/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm
35e33d5b3746db33bdf747bf4a866e00 7.1/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm
e0f9b4ae807dd4ee026a026f8233e977 7.1/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm
ef2c961e676946329d5221fda16e2846 7.1/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm
13e60edc74a4e9ae6efe396acab4eb70 7.1/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm
c7b78cdeb9e72d94cfa80bbe49303241 7.1/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm
4d0a3a9f1bcdfec8a014c5666a4c4501 7.2/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
7179efeb266bba7aa633a01267e24e74 7.2/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
fcd9c11db5c7c02bd8ac16c12260c0e6 7.2/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
63f1217de153ff63217515e1b016da33 7.2/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm
03a071c1c7252869382d683b1ceefa9f 7.2/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm
18dd6648f9d77d3d266e584c7c2feca4 7.2/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm
040aafbd075ad5f4041fa086a8179c80 7.2/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm
0a6684bc40e9f9f06d934dd806e182b3 7.2/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm
35e33d5b3746db33bdf747bf4a866e00 7.2/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm
e0f9b4ae807dd4ee026a026f8233e977 7.2/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm
ef2c961e676946329d5221fda16e2846 7.2/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm
13e60edc74a4e9ae6efe396acab4eb70 7.2/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm
c7b78cdeb9e72d94cfa80bbe49303241 7.2/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm
4d0a3a9f1bcdfec8a014c5666a4c4501 7.3/en/os/SRPMS/kernel-2.4.18-24.7.x.src.rpm
7179efeb266bba7aa633a01267e24e74 7.3/en/os/athlon/kernel-2.4.18-24.7.x.athlon.rpm
fcd9c11db5c7c02bd8ac16c12260c0e6 7.3/en/os/athlon/kernel-smp-2.4.18-24.7.x.athlon.rpm
63f1217de153ff63217515e1b016da33 7.3/en/os/i386/kernel-2.4.18-24.7.x.i386.rpm
03a071c1c7252869382d683b1ceefa9f 7.3/en/os/i386/kernel-BOOT-2.4.18-24.7.x.i386.rpm
18dd6648f9d77d3d266e584c7c2feca4 7.3/en/os/i386/kernel-doc-2.4.18-24.7.x.i386.rpm
040aafbd075ad5f4041fa086a8179c80 7.3/en/os/i386/kernel-source-2.4.18-24.7.x.i386.rpm
0a6684bc40e9f9f06d934dd806e182b3 7.3/en/os/i586/kernel-2.4.18-24.7.x.i586.rpm
35e33d5b3746db33bdf747bf4a866e00 7.3/en/os/i586/kernel-smp-2.4.18-24.7.x.i586.rpm
e0f9b4ae807dd4ee026a026f8233e977 7.3/en/os/i686/kernel-2.4.18-24.7.x.i686.rpm
ef2c961e676946329d5221fda16e2846 7.3/en/os/i686/kernel-bigmem-2.4.18-24.7.x.i686.rpm
13e60edc74a4e9ae6efe396acab4eb70 7.3/en/os/i686/kernel-debug-2.4.18-24.7.x.i686.rpm
c7b78cdeb9e72d94cfa80bbe49303241 7.3/en/os/i686/kernel-smp-2.4.18-24.7.x.i686.rpm
3ab26ebfd1c80ba101b5b86bf5cd6421 8.0/en/os/SRPMS/kernel-2.4.18-24.8.0.src.rpm
6e12213933aac18036ecbec4e9d0b0ac 8.0/en/os/athlon/kernel-2.4.18-24.8.0.athlon.rpm
619979740d16881959d5f888aefaf195 8.0/en/os/athlon/kernel-smp-2.4.18-24.8.0.athlon.rpm
2be552e4025aba02877ca21a0bd64007 8.0/en/os/i386/kernel-2.4.18-24.8.0.i386.rpm
232613b661b5dc806647935bbab16cb0 8.0/en/os/i386/kernel-BOOT-2.4.18-24.8.0.i386.rpm
b0dddbebe98c52bdeb737473319008a0 8.0/en/os/i386/kernel-doc-2.4.18-24.8.0.i386.rpm
43ffe5e9be347b2da60d83cc03d64923 8.0/en/os/i386/kernel-source-2.4.18-24.8.0.i386.rpm
d69f50521cb66ce09a9cefde417e8107 8.0/en/os/i586/kernel-2.4.18-24.8.0.i586.rpm
91e3b03e57e7df41d1472b45ad151719 8.0/en/os/i586/kernel-smp-2.4.18-24.8.0.i586.rpm
5ccc7bd0668a144b91580490ae487744 8.0/en/os/i686/kernel-2.4.18-24.8.0.i686.rpm
551569c64e64b83c145dc17b08dd505b 8.0/en/os/i686/kernel-bigmem-2.4.18-24.8.0.i686.rpm
56fafedd2ee58f288327fb56eaafd884 8.0/en/os/i686/kernel-debug-2.4.18-24.8.0.i686.rpm
b125aab060782242428bdafb05edab93 8.0/en/os/i686/kernel-smp-2.4.18-24.8.0.i686.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at  http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


8. References:
 
http://www.atstake.com/research/advisories/2003/a010603-1.txt 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0018

9. Contact:

The Red Hat security contact is <security@Red Hat.com>.  More contact
details at  http://www.Red Hat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.