Re: Sendmail Workaround for Linux Capabilities Bug (fwd)
Christian Hammers wrote:
>
> Hello List
>
> Is it right that there must exist a vulnerability in the server, too, that
> allows the attacker to execute code to exploit the capabilities bug?
> In other words, how severe is the urge to update the kernels on our
> production systems?
>
> bye,
>
> -christian-
>
Below you'll find the original messages from Alan Cox announcing the
new 2.2.16 kernel release. The main point here is that you'd already
need a local account; however, I personally wouldn't take any chances
on a production system.
--
Maarten Vink
vink@euroslicht.nl
http://lsb4.euroslicht.nl/
"A computer lets you make more mistakes faster than any invention in
human history - with the possible exceptions of handguns and tequila."
> Linux 2.2.16 security release
>
> The following security problems are fixed by this release
>
> o Setuid applications, even when correctly checking for failures of
> setuid() calls, could fail to drop privileges if the invoker had
> made certain adjustments to the capability sets
>
> o Opening a socket and issuing multiple connects on it could be used
> to hang the box
>
> o Readv/writev might misbehave on some very large inputs
>
> o Potentially remote exploitable hole in the sunrpc code
>
> o User causable oopses in Appletalk and Socket code
>
> o Obscure exploitable bugs in the Sparc kernel
>
> The full list of enhancements and other bug fixes will follow later.
>
> Recommendations:
>
> You should consider updating your 2.2 kernel to 2.2.16 if
>
> o You have untrusted users on your system
> o You have publicly accessible kernel sunrpc services
>
> Other major bug fixes include
>
> o The tcp retransmit crash on very high load
> o Poor VM performance under some load patterns
> o Fix for 3com 3c590 8K card stalls
>
> Alan
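
The first item in the announcement says a checked setuid() call could still leave privileges in place. The following C sketch is an added example, not part of either message and not code from the kernel or sendmail: it verifies the resulting IDs and confirms root cannot be regained, rather than trusting the return value alone. The function names are hypothetical, and group IDs and supplementary groups are left out.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check: 1 only if real and effective UID both equal target. */
int ids_match(uid_t real, uid_t effective, uid_t target)
{
    return real == target && effective == target;
}

/* 1 if the process can still become root. A saved UID of 0 left
 * behind by an incomplete drop makes seteuid(0) succeed. If this
 * returns 1 the process is root again and the caller must abort. */
int can_regain_root(void)
{
    return seteuid(0) == 0 || setuid(0) == 0;
}

/* Inspect the process state instead of the setuid() return code. */
int verify_uid_drop(uid_t target)
{
    if (!ids_match(getuid(), geteuid(), target))
        return 0;
    if (target != 0 && can_regain_root())
        return 0;
    return 1;
}

/* Hypothetical helper: drop to target and fail closed.
 * Returns 0 on a verified drop, -1 otherwise. */
int drop_uid_verified(uid_t target)
{
    if (setuid(target) != 0)
        return -1;
    return verify_uid_drop(target) ? 0 : -1;
}

int main(void)
{
    /* A setuid-root program dropping to the invoking user's UID. */
    if (drop_uid_verified(getuid()) != 0) {
        fprintf(stderr, "privilege drop not verified, aborting\n");
        return 1;
    }
    puts("privileges dropped and verified");
    return 0;
}
```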