Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
From: Martin Geier <martin@geweb.net>
Date: Wed, 14 Apr 2004 18:14:02 +0200
Message-id: <[🔎] 20040414161402.GA16275@mgserv.geweb.net>
In-reply-to: <m1BDlkd-000ok5C@finlandia.Infodrom.North.DE>
References: <m1BDlkd-000ok5C@finlandia.Infodrom.North.DE>

On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote:
> Package        : kernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc
> Vulnerability  : several vulnerabilities
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CAN-2004-0003 CAN-2004-0010 CAN-2004-0109 CAN-2004-0177 CAN-2004-0178

It seems that at least the kernel-image-2.4.18-1-k7-package lacks all
modules! Please check before updating, you will probably break your
system.

[snipp]
>     http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb
>       Size/MD5 checksum:  1154342 152aca9d4a2d7014a9834c239d754d0e
# md5sum /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb 
152aca9d4a2d7014a9834c239d754d0e /var/cache/apt/archives/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb

# dpkg -L kernel-image-2.4.18-1-k7
/.
/boot
/boot/config-2.4.18-1-k7
/boot/vmlinuz-2.4.18-1-k7
/boot/System.map-2.4.18-1-k7
/usr
/usr/share
/usr/share/doc
/usr/share/doc/kernel-image-2.4.18-1-k7
/usr/share/doc/kernel-image-2.4.18-1-k7/Changes.gz
/usr/share/doc/kernel-image-2.4.18-1-k7/copyright
/usr/share/doc/kernel-image-2.4.18-1-k7/changelog.gz
/usr/share/doc/kernel-image-2.4.18-1-k7/LiloDefault.gz
/usr/share/doc/kernel-image-2.4.18-1-k7/Buildinfo
/usr/share/doc/kernel-image-2.4.18-1-k7/debian.README.gz
/usr/share/doc/kernel-image-2.4.18-1-k7/conf.vars.gz
/usr/share/doc/kernel-image-2.4.18-1-k7/README.Debian.1st.gz
/lib
/lib/modules
/lib/modules/2.4.18-1-k7
/lib/modules/2.4.18-1-k7/kernel
/lib/modules/2.4.18-1-k7/kernel/drivers
/lib/modules/2.4.18-1-k7/kernel/drivers/net
/lib/modules/2.4.18-1-k7/kernel/drivers/net/dummy.o
/lib/modules/2.4.18-1-k7/modules.dep
/lib/modules/2.4.18-1-k7/modules.generic_string
/lib/modules/2.4.18-1-k7/modules.pcimap
/lib/modules/2.4.18-1-k7/modules.isapnpmap
/lib/modules/2.4.18-1-k7/modules.usbmap
/lib/modules/2.4.18-1-k7/modules.parportmap
/lib/modules/2.4.18-1-k7/modules.ieee1394map
/lib/modules/2.4.18-1-k7/modules.pnpbiosmap

# dpkg --status  kernel-image-2.4.18-1-k7
Package: kernel-image-2.4.18-1-k7
Status: install ok installed
Priority: optional
Section: base
Installed-Size: 1708
Maintainer: Herbert Xu <herbert@debian.org>
Source: kernel-image-2.4.18-1-i386
Version: 2.4.18-13
Provides: kernel-image, kernel-image-2.4
Depends: initrd-tools (>= 0.1.21), fileutils (>= 4.0), modutils (>=
2.3.12)
Suggests: lilo (>= 19.1), fdutils, kernel-doc-2.4.18,
kernel-pcmcia-modules-2.4.18-1-k7 | pcmcia-modules-2.4.18-1-k7
Description: Linux kernel image for version 2.4.18 on AMD K7

Greetings,
Martin 

-- 
 /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ 
| PGP-Key 0x43D23ABE available via www.de.pgp.net, see header for fpr |
| Uptime:  3 days, 22 hours, 57 minutes and 32 seconds (Linux 2.4.18) |
 \___________________________________________________________________/

Reply to:

Prev by Date: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Next by Date: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Previous by thread: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Next by thread: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Index(es):
- Date
- Thread