LinuxQuestions.org
Old 04-22-2004, 01:38 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

WARN: Kernel vuln: MCAST_MSFILTER (2.4.22/2.6.1)


Linux kernel setsockopt MCAST_MSFILTER integer overflow
Reference: http://msgs.securepoint.com/cgi-bin/...q0404/212.html
Bugtraq, iSEC Security Research (Paul Starzetz and Wojciech Purczynski), Apr 21, 05:15


3. Impact
Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full super-user privileges. Unsuccessful exploitation of the vulnerability may lead to a denial-of-service attack causing machine crash or instant reboot.

4. Solution
This bug has been fixed in the 2.4.26 and 2.6.4 kernel releases. All users of vulnerable kernels are advised to upgrade to the latest kernel version. For further information please contact your vendor.
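
A version triage for the Solution quoted above, as an added example that is not part of the original post or the advisory. The function name `msfilter_status` is hypothetical, and the lower bounds assume that "(2.4.22/2.6.1)" in the thread title marks the first affected release of each series.

```shell
#!/bin/sh
# Added example (not from the thread): compare a kernel release string with
# the fixed releases quoted in the post above (2.4.26 and 2.6.4).
# Assumption: the "(2.4.22/2.6.1)" in the thread title marks the first
# affected release of each series.

msfilter_status() {
    # Drop vendor suffixes such as "-SMP" or "-grsec": keep leading digits/dots.
    base=${1%%[!0-9.]*}
    case $base in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "unparseable"; return 0 ;;
    esac
    # Split "major.minor.patch" on dots into $1 $2 $3.
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    series="$1.$2"; patch=$3
    case $series in
        2.4) first=22; fixed=26 ;;
        2.6) first=1;  fixed=4 ;;
        # The quoted advisory text names only the 2.4 and 2.6 fixes.
        *) echo "other-series"; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo "fixed-upstream"
    elif [ "$patch" -ge "$first" ]; then
        # The version string cannot show vendor backports: a distribution
        # kernel in this range may already carry the fix, so confirm against
        # the vendor's advisory before concluding anything.
        echo "in-range"
    else
        echo "before-range"
    fi
}

# Classify the given release string, or the running kernel if none is given.
msfilter_status "${1:-$(uname -r)}"
```

An `in-range` result means the release number alone does not show the fix; it is a prompt to check the vendor's changelog, not proof that the kernel is unpatched.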
 
Old 04-26-2004, 12:28 PM   #2
njbrain
Member
 
Registered: Jan 2004
Location: Rhinelander, WI, U.S.
Distribution: Slackware
Posts: 416

Thanks unSpawn, I now upgraded my kernel.
Noah
 
Old 04-26-2004, 07:21 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Original Poster
setsockopt MCAST_MSFILTER temporary FIX

For those with valid reasons not to upgrade (are there any?) here's my testlog for the fix as presented on Bugtraq by nolife. The test ran in runlevel 1 as root on a 2.4.24-SMP Grsecurity-reinforced kernel, without loading Grsec ACLs or sysctls.

]# wget "http://sigsegv.cc/setsockopt.c" -O /tmp/setsockoptFIX.c
]# flawfinder /tmp/setsockoptFIX.c
No hits found.
]# vi /tmp/setsockoptFIX.c
]# telinit 1
Note I had to compile like this to have it work:
]# gcc -c -O3 -fomit-frame-pointer -I/lib/modules/$(uname -r)/build/include /tmp/setsockoptFIX.c -o /tmp/setsockoptFIX
]# insmod -v -n /tmp/setsockoptFIX
Using /tmp/setsockoptFIX
Symbol version prefix 'smp_'
]# insmod /tmp/setsockoptFIX
]# lsmod|grep setsockoptFIX
setsockoptFIX 1380 0 (unused)
Using Samhain's excellent kern_check:
]# kern_check /boot/System.map
WARNING: (kernel) 0xe09e7060 != 0xc0310740 (map) [sys_socketcall]
]# mount /tmp -o remount,exec && /tmp/setsockoptPOC
Calling setsockopt(), this should crash the box...
setsockopt exploit halted. abused by uid 0 with process setsockoptPOC
Invalid setsockopt: : No buffer space available
]# setsockopt exploit halted. abused by uid 0 with process setsockoptPOC


Last edited by unSpawn; 04-26-2004 at 07:26 PM.
 
Old 04-28-2004, 07:26 AM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Is there any patch for SUSE Distro yet?
 
Old 05-04-2004, 12:27 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Original Poster
Is there any patch for SUSE Distro yet?
I know reading is hard, but in the initial post it sez:
"4. Solution
This bug has been fixed in the 2.4.26 and 2.6.4 kernel releases. All users of vulnerable kernels are advised to upgrade to the latest kernel version."
 
Old 05-04-2004, 12:41 PM   #6
dominant
Member
 
Registered: Jan 2004
Posts: 409

SuSE finally released a kernel patch that fixes this and some other flaws and vulns as well.

Thanks for your response.
 
  


All times are GMT -5.
