Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SCO CSSA-2003-020.0: kernel kmod/ptrace vulnerability

SCO CSSA-2003-020.0: kernel kmod/ptrace vulnerability

by Nikola Strahija on May 13th, 2003 A vulnerability has been found in the Linux kernel which allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.


______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: kernel kmod/ptrace root exploit
Advisory number: CSSA-2003-020.0
Issue date: 2003 May 09
Cross reference:
______________________________________________________________________________


1. Problem Description

The kernel module loader in the Linux kernel allows local users
to gain root privileges by using ptrace to attach to a child
process that is spawned by the kernel.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to linux-kernel-binary-2.4.13-21S.i386.rpm
prior to linux-kernel-include-2.4.13-21S.i386.rpm
prior to linux-source-UserMode-2.4.13-21S.i386.rpm
prior to linux-source-alpha-2.4.13-21S.i386.rpm
prior to linux-source-arm-2.4.13-21S.i386.rpm
prior to linux-source-common-2.4.13-21S.i386.rpm
prior to linux-source-cris-2.4.13-21S.i386.rpm
prior to linux-source-i386-2.4.13-21S.i386.rpm
prior to linux-source-ia64-2.4.13-21S.i386.rpm
prior to linux-source-m68k-2.4.13-21S.i386.rpm
prior to linux-source-mips-2.4.13-21S.i386.rpm
prior to linux-source-parisc-2.4.13-21S.i386.rpm
prior to linux-source-ppc-2.4.13-21S.i386.rpm
prior to linux-source-s390-2.4.13-21S.i386.rpm
prior to linux-source-sparc-2.4.13-21S.i386.rpm
prior to linux-source-superH-2.4.13-21S.i386.rpm

OpenLinux 3.1.1 Workstation prior to linux-kernel-binary-2.4.13-21D.i386.rpm
prior to linux-kernel-include-2.4.13-21D.i386.rpm
prior to linux-source-UserMode-2.4.13-21D.i386.rpm
prior to linux-source-alpha-2.4.13-21D.i386.rpm
prior to linux-source-arm-2.4.13-21D.i386.rpm
prior to linux-source-common-2.4.13-21D.i386.rpm
prior to linux-source-cris-2.4.13-21D.i386.rpm
prior to linux-source-i386-2.4.13-21D.i386.rpm
prior to linux-source-ia64-2.4.13-21D.i386.rpm
prior to linux-source-m68k-2.4.13-21D.i386.rpm
prior to linux-source-mips-2.4.13-21D.i386.rpm
prior to linux-source-parisc-2.4.13-21D.i386.rpm
prior to linux-source-ppc-2.4.13-21D.i386.rpm
prior to linux-source-s390-2.4.13-21D.i386.rpm
prior to linux-source-sparc-2.4.13-21D.i386.rpm
prior to linux-source-superH-2.4.13-21D.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/RPMS

4.2 Packages

41748cdaf8d1809822b131c0c2c7b90a linux-kernel-binary-2.4.13-21S.i386.rpm
acaaf0982bd6ad7c945c3a463164b56c linux-kernel-include-2.4.13-21S.i386.rpm
588b015160d3c7e6ca649986de74d923 linux-source-UserMode-2.4.13-21S.i386.rpm
f5dbb77015b314909a5242e58a3ac7b9 linux-source-alpha-2.4.13-21S.i386.rpm
7f2472b4958d8b268d87525b29eefeaf linux-source-arm-2.4.13-21S.i386.rpm
80a201cbcb343a3ea565b045f882e1ce linux-source-common-2.4.13-21S.i386.rpm
dba74ba0f87828c6f82a98642986e271 linux-source-cris-2.4.13-21S.i386.rpm
dd3048b40b323b96335efe17309fb5f3 linux-source-i386-2.4.13-21S.i386.rpm
869c0409318d7a01264c7a7a42b8c51d linux-source-ia64-2.4.13-21S.i386.rpm
7341a22a39014c8a642a91c1cad50a29 linux-source-m68k-2.4.13-21S.i386.rpm
e580fc559de6f8788112cce694e58784 linux-source-mips-2.4.13-21S.i386.rpm
d2417933a143e47027d0bf00d7d4e96e linux-source-parisc-2.4.13-21S.i386.rpm
917579c9a6520dfb8791821d3e773181 linux-source-ppc-2.4.13-21S.i386.rpm
d154580aea946574447b733e7ca09fcb linux-source-s390-2.4.13-21S.i386.rpm
247d115a3ecc81e93af2ae883dcf19ed linux-source-sparc-2.4.13-21S.i386.rpm
b5d1ecd0828b87d2a05b0d8044e29ab7 linux-source-superH-2.4.13-21S.i386.rpm

4.3 Installation

rpm -Fvh linux-kernel-binary-2.4.13-21S.i386.rpm
rpm -Fvh linux-kernel-include-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-UserMode-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-alpha-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-arm-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-common-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-cris-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-i386-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-ia64-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-m68k-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-mips-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-parisc-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-ppc-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-s390-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-sparc-2.4.13-21S.i386.rpm
rpm -Fvh linux-source-superH-2.4.13-21S.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-020.0/SRPMS

4.5 Source Packages

ddc96e148b473b86b63927b489f55404 linux-2.4.13-21S.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/RPMS

5.2 Packages

bd5364e5bf524dbd080e2a734afb47e2 linux-kernel-binary-2.4.13-21D.i386.rpm
c7eb0c054673c38181336556b5bc6d96 linux-kernel-include-2.4.13-21D.i386.rpm
d8ccf3ed3e5e0851b1d398a5143d4cb9 linux-source-UserMode-2.4.13-21D.i386.rpm
53b4dcb71df1b2390ced22b62deed9ea linux-source-alpha-2.4.13-21D.i386.rpm
0e2f96279a30492ffca3e521449a4771 linux-source-arm-2.4.13-21D.i386.rpm
011bcb383ea9badb519435874173d529 linux-source-common-2.4.13-21D.i386.rpm
876483cc7a9448f2a06e11d8337ad201 linux-source-cris-2.4.13-21D.i386.rpm
d89779ea77adf5a8e9f2efb999ae7ce4 linux-source-i386-2.4.13-21D.i386.rpm
49cf9327d4826ca35d22f84788249abd linux-source-ia64-2.4.13-21D.i386.rpm
61a0979d2280ac6ab999ffe64f3b5caf linux-source-m68k-2.4.13-21D.i386.rpm
eb3018d64118f872485ed2bc342e7203 linux-source-mips-2.4.13-21D.i386.rpm
7b2b03d3864637b0635e7d57c2a72610 linux-source-parisc-2.4.13-21D.i386.rpm
14148ea7fbcfa4e001919a2caf409384 linux-source-ppc-2.4.13-21D.i386.rpm
e8336b89d29093a7d9e3e8d09d1e2b30 linux-source-s390-2.4.13-21D.i386.rpm
00908c06084007713bbcc03aa1ee8233 linux-source-sparc-2.4.13-21D.i386.rpm
4c45777444c8ca91249b757c3984582e linux-source-superH-2.4.13-21D.i386.rpm

5.3 Installation

rpm -Fvh linux-kernel-binary-2.4.13-21D.i386.rpm
rpm -Fvh linux-kernel-include-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-UserMode-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-alpha-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-arm-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-common-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-cris-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-i386-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-ia64-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-m68k-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-mips-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-parisc-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-ppc-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-s390-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-sparc-2.4.13-21D.i386.rpm
rpm -Fvh linux-source-superH-2.4.13-21D.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-020.0/SRPMS

5.5 Source Packages

73cad7e5db287a962de14109fa126354 linux-2.4.13-21D.src.rpm


6. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr876055, fz527562,
erg712269, sr876810, fz527692, erg712288.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


8. Acknowledgements

Andrzej Szombierski discovered and researched
this vulnerability.

______________________________________________________________________________


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »