Hi, [ I normally won't cross-post announcements to owl-users@, but this one really needs to reach people using Owl, even if they haven't subscribed the announcement list for whatever reason. BTW, I am considering a separate owl-changes list for just Owl, feedback on this is appreciated. ] Rafal Wojtczuk <nergal at owl.openwall.com> has discovered two vulnerabilities in recent Linux kernels (both 2.2.x and 2.4.x). His detailed description of the vulnerabilities is now on its way to Bugtraq. A shorter description can be found in the Owl changelog entry, also included at the end of this message. Meanwhile, I've released an updated version of the Openwall Linux 2.2 patch, 2.2.19-ow3, which fixes the two vulnerabilities. The patch is available at the usual location: http://www.openwall.com/linux/ (The vulnerabilities are also fixed in Linux 2.4.12.) Of the two newly discovered vulnerabilities, Linux 2.0.39-ow3 is only affected by the DoS. Thus, I'm not going to put out an updated Linux 2.0.x patch immediately. At the same time, I'd like to announce the availability of ISO-9660 images of Owl-current CD's, to be updated every few weeks. It is now possible to boot Owl directly off a CD (on an x86) and either install the system to a hard disk or configure the CD-booted Owl and let it go into multi-user for actual use. Please see the updated DOWNLOAD and INSTALL documents for more information: http://www.openwall.com/Owl/ http://www.openwall.com/Owl/INSTALL.shtml Today's Owl ISO image includes the updated Linux kernel, 2.2.19-ow3. Finally, here's the Owl changelog entry for this recommended kernel update: 2001/10/18 kernel SECURITY FIX Severity: low to high, local, active A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now available. It contains fixes for two Linux kernel vulnerabilities discovered by Rafal Wojtczuk <nergal at owl.openwall.com> and is strongly recommended for use with Owl. One of the vulnerabilities affected SUID/SGID execution by processes being traced with ptrace(2). It was possible to trick the kernel into recognizing an unsuspecting SUID root program as the (privileged) tracer process. Then, if that program would execute a program supplied by the malicious user (with the user's credentials), the user's program would inherit the ability to trace. Fortunately, there's no program that would meet all of the requirements for this attack in the default Owl install. However, certain supported non-default configurations of Owl are affected. In particular, if newgrp(1) is made available to untrusted users (which is a supported owl-control setting) or certain third-party software which contains SUID root binaries is installed, the vulnerability may become exploitable and result in a local root compromise. The other vulnerability allowed for an effective local DoS attack by causing the kernel to spend an almost arbitrary amount of time on dereferencing a single symlink, without giving a chance for processes to run. I'd like to remind that Owl changelogs may be viewed online at: http://www.openwall.com/Owl/CHANGES.shtml and http://www.openwall.com/Owl/CHANGES-stable.shtml -- /sd
This archive was generated by hypermail 2.1.3 : Sun Jan 15 2006 - 13:43:15 PST