RedHat Linux Kernel 2.4.20 Multiple Vulnerabilities

 Publication Date: 2003-07-22
 Title: RedHat Linux Kernel 2.4.20 Multiple Vulnerabilities
 K-Otik ID: 0258
 Remotely exploitable: Yes
 Locally exploitable: Yes

 
 * Technical Description - Exploit *
 
Several vulnerabilities affect kernel 2.4.20. The first is in "/proc/tty/driver/serial" and could allow the length of a password to be determined. The second problem is in the "execve()" call. The third flaw affects the RPC code, and the fourth affects "/proc/self". The last flaw affects the STP protocol and can cause a Denial of Service (see References).



  * Vulnerable Versions *

Astaro Security Linux 3
Conectiva Linux 7.0
Conectiva Linux 8
Conectiva Linux 9
Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid
Gentoo Linux 1.x
Linux Kernel 2.4.x
Mandrake Linux 8.x
Mandrake Linux 9.x
OpenLinux Server 3.x
OpenLinux Workstation 3.x
RedHat Enterprise Linux AS
RedHat Enterprise Linux ES
RedHat Enterprise Linux WS
RedHat Linux 7.1
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0
RedHat Linux 9
RedHat Linux Advanced Server 2.1 for Itanium
RedHat Linux Advanced Workstation 2.1 for Itanium
Slackware Linux 8.x
Slackware Linux 9.0
SuSE Linux 7.x
SuSE Linux 8.x
SuSE Linux Connectivity Server
SuSE Linux Database Server
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server 8
SuSE Linux Firewall on CD/Admin host
SuSE Linux Office Server

 

  * Solution *

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.1/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.2/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.2/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.2/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.2/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.2/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kernel-2.4.20-19.7.src.rpm

athlon:
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-2.4.20-19.7.athlon.rpm
ftp://updates.redhat.com/7.3/en/os/athlon/kernel-smp-2.4.20-19.7.athlon.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/kernel-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-source-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-doc-2.4.20-19.7.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kernel-BOOT-2.4.20-19.7.i386.rpm

i586:
ftp://updates.redhat.com/7.3/en/os/i586/kernel-2.4.20-19.7.i586.rpm
ftp://updates.redhat.com/7.3/en/os/i586/kernel-smp-2.4.20-19.7.i586.rpm

i686:
ftp://updates.redhat.com/7.3/en/os/i686/kernel-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-smp-2.4.20-19.7.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/kernel-bigmem-2.4.20-19.7.i686.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kernel-2.4.20-19.8.src.rpm

athlon:
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-2.4.20-19.8.athlon.rpm
ftp://updates.redhat.com/8.0/en/os/athlon/kernel-smp-2.4.20-19.8.athlon.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/kernel-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-source-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-doc-2.4.20-19.8.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kernel-BOOT-2.4.20-19.8.i386.rpm

i586:
ftp://updates.redhat.com/8.0/en/os/i586/kernel-2.4.20-19.8.i586.rpm
ftp://updates.redhat.com/8.0/en/os/i586/kernel-smp-2.4.20-19.8.i586.rpm

i686:
ftp://updates.redhat.com/8.0/en/os/i686/kernel-2.4.20-19.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-smp-2.4.20-19.8.i686.rpm
ftp://updates.redhat.com/8.0/en/os/i686/kernel-bigmem-2.4.20-19.8.i686.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kernel-2.4.20-19.9.src.rpm

athlon:
ftp://updates.redhat.com/9/en/os/athlon/kernel-2.4.20-19.9.athlon.rpm
ftp://updates.redhat.com/9/en/os/athlon/kernel-smp-2.4.20-19.9.athlon.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/kernel-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-source-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-doc-2.4.20-19.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kernel-BOOT-2.4.20-19.9.i386.rpm

i586:
ftp://updates.redhat.com/9/en/os/i586/kernel-2.4.20-19.9.i586.rpm
ftp://updates.redhat.com/9/en/os/i586/kernel-smp-2.4.20-19.9.i586.rpm

i686:
ftp://updates.redhat.com/9/en/os/i686/kernel-2.4.20-19.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-smp-2.4.20-19.9.i686.rpm
ftp://updates.redhat.com/9/en/os/i686/kernel-bigmem-2.4.20-19.9.i686.rpm



  * References *

https://rhn.redhat.com/errata/RHSA-2003-238.html


  * Credits *
 
Vulnerabilities discovered by Paul Starzetz and Jerry Kreuscher (July 2003).

 


2002-2003 © Property of A.D.Consulting