linux-2.2.19-ow3, Owl ISO images

From: Solar Designer (solar@private)
Date: Thu Oct 18 2001 - 09:36:19 PDT


Hi,

[ I normally won't cross-post announcements to owl-users@, but this
one really needs to reach people using Owl, even if they haven't
subscribed the announcement list for whatever reason.  BTW, I am
considering a separate owl-changes list for just Owl, feedback on
this is appreciated. ]

Rafal Wojtczuk <nergal at owl.openwall.com> has discovered two
vulnerabilities in recent Linux kernels (both 2.2.x and 2.4.x).  His
detailed description of the vulnerabilities is now on its way to
Bugtraq.  A shorter description can be found in the Owl changelog
entry, also included at the end of this message.

Meanwhile, I've released an updated version of the Openwall Linux 2.2
patch, 2.2.19-ow3, which fixes the two vulnerabilities.  The patch is
available at the usual location:

	http://www.openwall.com/linux/

(The vulnerabilities are also fixed in Linux 2.4.12.)

Of the two newly discovered vulnerabilities, Linux 2.0.39-ow3 is only
affected by the DoS.  Thus, I'm not going to put out an updated Linux
2.0.x patch immediately.

At the same time, I'd like to announce the availability of ISO-9660
images of Owl-current CD's, to be updated every few weeks.  It is now
possible to boot Owl directly off a CD (on an x86) and either install
the system to a hard disk or configure the CD-booted Owl and let it go
into multi-user for actual use.  Please see the updated DOWNLOAD and
INSTALL documents for more information:

	http://www.openwall.com/Owl/
	http://www.openwall.com/Owl/INSTALL.shtml

Today's Owl ISO image includes the updated Linux kernel, 2.2.19-ow3.

Finally, here's the Owl changelog entry for this recommended kernel
update:

2001/10/18	kernel
SECURITY FIX	Severity: low to high, local, active
A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now
available.  It contains fixes for two Linux kernel vulnerabilities
discovered by Rafal Wojtczuk <nergal at owl.openwall.com> and is
strongly recommended for use with Owl.  One of the vulnerabilities
affected SUID/SGID execution by processes being traced with ptrace(2).
It was possible to trick the kernel into recognizing an unsuspecting
SUID root program as the (privileged) tracer process.  Then, if that
program would execute a program supplied by the malicious user (with
the user's credentials), the user's program would inherit the ability
to trace.  Fortunately, there's no program that would meet all of the
requirements for this attack in the default Owl install.  However,
certain supported non-default configurations of Owl are affected.  In
particular, if newgrp(1) is made available to untrusted users (which
is a supported owl-control setting) or certain third-party software
which contains SUID root binaries is installed, the vulnerability may
become exploitable and result in a local root compromise.  The other
vulnerability allowed for an effective local DoS attack by causing the
kernel to spend an almost arbitrary amount of time on dereferencing a
single symlink, without giving a chance for processes to run.

I'd like to remind that Owl changelogs may be viewed online at:

	http://www.openwall.com/Owl/CHANGES.shtml
and
	http://www.openwall.com/Owl/CHANGES-stable.shtml

-- 
/sd



This archive was generated by hypermail 2.1.3 : Sun Jan 15 2006 - 13:43:15 PST