[SECURITY BUG] All 2.2.x kernels buggy except 2.2.16
http://sendmail.net/?feed=000607linuxbug
*WOW* is all I can say for this -- this documents why you should
*instantly* upgrade to 2.2.16 from *WHATEVER* you are using,
architecture independent ... and also some new sendmail bugs/fixes
.. Suresh would/should be especially interested in this .. ( I
suppose he already knows ? )
Anyone with any box doing anything even remotely "useful"
online should read this, and do the upgrade to 2.2.16 ...
--ravi
---
Apologies about the "wasted" bandwidth.. but IMO, it's not wasted.
[...]
A serious bug has been discovered in the Linux kernel that can be used
by local users to gain root access. The problem, a vulnerability in
the Linux kernel capability model, exists in kernel versions up to and
including version 2.2.15. According to Alan Cox, a key member of the
Linux developer community, "It will affect programs that drop setuid
state and rely on losing saved setuid, even those that check that the
setuid call succeeded."
To ensure that this vulnerability cannot be exploited by programs
running on Linux, Linux users are advised to update to kernel version
2.2.16 immediately.
New sendmail release blocks exploit
Because this vulnerability can be used to attack any setuid root
program that attempts to cede special permissions - including sendmail
- a patched version of sendmail has been released that checks for this
vulnerability in the kernel. If it is present, sendmail refuses to
run, making it impossible to use sendmail to exploit the problem. The
patched version, sendmail 8.10.2, also does more detailed checks on
certain system calls - notably setuid(2) - to detect other possible
attacks. While programs like sendmail and procmail are possible
vectors of attack, sources in the Linux development community have
emphasized that "this is a problem with Linux, not with sendmail."
Although the updated version of the kernel is now available as
source, it's not yet clear how quickly Red Hat and other Linux vendors will
update their own distributions. Consequently, the Sendmail Consortium
strongly advises users running open source sendmail on Linux to
upgrade to sendmail version 8.10.2. Those running Sendmail Pro or
Sendmail Switch on Linux should upgrade to Sendmail Switch version
2.0.5.
Details of the kernel vulnerability
The problem lies in the setcap(2) call, which is not documented on
most Linux-based systems. (Some documentation does exist "in expired
drafts," Alan Cox told sendmail.net, "but the committee made it rather
hard to get those.") The setcap(2) call is based on the unratified
Posix 1e draft. Cox went on to explain that the new kernel update,
version 2.2.16, adopts the final Posix draft model, which eliminates
this vulnerability.
A security advisory issued by the sendmail security team describes the
vulnerability as follows:
The setcap(2) call attempts to break down root permissions into a
series of capabilities. Normally root has all capabilities and normal
users have none of the capabilities.
One such capability is the ability of a process to do an arbitrary
setuid(2) call. As documented in ISO/IEC 9945-1 (ANSI/IEEE Std 1003.1)
POSIX Part 1:
4.2.2.2 Description
...
If {_POSIX_SAVED_IDS} is defined:
(1) If the process has appropriate privileges, the setuid()
function sets the real user ID, effective user ID, and the saved
set-user-ID to uid.
(2) If the process does not have the appropriate privileges, but
uid is equal to the real user ID or the saved set-user-ID, the
setuid() function sets the effective user ID to uid; the real user
ID and saved set-user-ID remain unchanged by this function call.
[...]
--
Ravikant K.Rao : http://www.symonds.net/~ravi/
Primary Email : <ravi@xxxxxxxxxxx> | PGP: 9544A4A1 GPG: 1024D/C2FC752D
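The forwarded article says 2.2.15 bites even programs "that check that the setuid call succeeded", and that sendmail 8.10.2 answers with an extra probe of setuid(2) and refuses to run if the kernel is broken. The C below is an added example of that kind of check, written for this page; it is not sendmail's or the kernel's code. It assumes Linux getresuid(2), a POSIX saved-IDs system, and uid 65534 as a throwaway unprivileged target when run as root. On a current kernel the buggy path can only be exercised through judge_drop()'s simulated inputs, which is why the verdict is separated from the system calls.

```c
/* Added example: drop root and verify the drop actually stuck.
 * Not sendmail's code; a minimal model of the check the text describes.
 * Linux-specific (getresuid); assumes POSIX saved set-user-IDs. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_status {
    DROP_OK = 0,          /* real, effective and saved uid are target; root gone */
    DROP_BAD_TARGET,      /* target is root: nothing to verify */
    DROP_SETUID_FAILED,   /* setuid(target) itself returned -1 */
    DROP_PROBE_FAILED,    /* getresuid() failed; state unknown, treat as unsafe */
    DROP_IDS_NOT_SET,     /* some uid (typically the saved uid) is not target */
    DROP_ROOT_REGAINABLE  /* setuid(0) succeeded after the "drop": the 2.2.15 bug */
};

/* Pure verdict on what was observed after setuid(target).  No syscalls,
 * so the failure modes can be exercised without root or a buggy kernel.
 * regain_rc is what setuid(0) returned afterwards: 0 means root came back. */
enum drop_status judge_drop(uid_t target, uid_t ruid, uid_t euid, uid_t suid,
                            int regain_rc)
{
    if (target == 0)
        return DROP_BAD_TARGET;
    if (regain_rc == 0)          /* decisive: saved root uid survived the drop */
        return DROP_ROOT_REGAINABLE;
    if (ruid != target || euid != target || suid != target)
        return DROP_IDS_NOT_SET;
    return DROP_OK;
}

/* Performs the real drop and probes it.  Anything but DROP_OK means the
 * caller should refuse to continue, as sendmail 8.10.2 does. */
enum drop_status drop_privileges(uid_t target)
{
    uid_t ruid, euid, suid;
    int regain_rc;

    if (target == 0)
        return DROP_BAD_TARGET;
    if (setuid(target) != 0)
        return DROP_SETUID_FAILED;
    if (getresuid(&ruid, &euid, &suid) != 0)
        return DROP_PROBE_FAILED;
    /* Checking setuid()'s return value alone is exactly what 2.2.15 fooled.
     * A correct drop leaves no saved uid 0, so setuid(0) must fail (EPERM). */
    regain_rc = setuid(0);
    if (regain_rc == 0)
        (void)setuid(target);    /* we are root again; undo what we can */
    return judge_drop(target, ruid, euid, suid, regain_rc);
}

const char *drop_status_name(enum drop_status s)
{
    switch (s) {
    case DROP_OK:               return "ok";
    case DROP_BAD_TARGET:       return "target is root";
    case DROP_SETUID_FAILED:    return "setuid failed";
    case DROP_PROBE_FAILED:     return "getresuid failed";
    case DROP_IDS_NOT_SET:      return "uids not all set to target";
    case DROP_ROOT_REGAINABLE:  return "root regainable: kernel bug";
    }
    return "unknown";
}

int main(void)
{
    /* Demo target: our own uid, or the assumed throwaway uid 65534 when root. */
    uid_t target = geteuid() == 0 ? (uid_t)65534 : getuid();
    enum drop_status st = drop_privileges(target);
    printf("drop to uid %u: %s (errno %s)\n", (unsigned)target,
           drop_status_name(st), st == DROP_OK ? strerror(errno) : "-");
    return st == DROP_OK ? 0 : 1;
}
```

Run as root on a sane kernel it prints "ok" with errno EPERM from the probe; the judge_drop() inputs (target 1000, saved uid still 0, setuid(0) returning 0) reproduce the 2.2.15 outcome the article describes, where the first setuid() "succeeded" yet root was one call away.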