N-044: Red Hat Updated kernel-utils Packages Fix setuid Vulnerability
Privacy and Legal Notice
INFORMATION BULLETIN
N-044: Red Hat Updated kernel-utils Packages Fix setuid Vulnerability
[RHSA-2003: 056-10]
February 11, 2003 20:00 GMT
|
| PROBLEM: |
A vulnerability exists in the uml_net utility in the kernel-utils package that incorrectly sets its uid to the root user.
|
| PLATFORM: |
Red Hat Linux 8.0
|
| DAMAGE: |
The vulnerability could allow local users to control certain network interfaces,
add and remove arp entries and routes, and put interfaces in and out of
promiscuous mode.
|
| SOLUTION: |
Apply updated packages as stated in Red Hat's bulletin.
|
|
VULNERABILITY
ASSESSMENT: |
The risk is MEDIUM. Local users must have a legitimate account to escalate their privileges.
|
|
[***** Start RHSA-2003: 056-10 *****]
Updated kernel-utils packages fix setuid vulnerability
Advisory: RHSA-2003:056-10
Last updated on: 2003-02-07
Affected Products: Red Hat Linux 8.0
CVEs (cve.mitre.org): CAN-2003-0019
Security Advisory
Details:
An updated kernel-utils package is available that removes the setuid bits
incorrectly assigned to the uml_net binary.
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware.
The uml_net utility, a user mode linux (UML) utility, in the kernel-utils
packages that shipped with Red Hat Linux 8.0 incorrectly sets its uid to
the root user. This could allow local users to control certain network
interfaces, add and remove arp entries and routes, and put interfaces in
and out of promiscuous mode.
All users of the kernel-utils package should update to these errata
packages which contain a version of uml_net which does not setuid root.
Alternatively, as a work-around to this vulnerability, an administrator can
issue the following command as root:
chmod -s /usr/bin/uml_net
Red Hat would like to thank Johnny Robertson for alerting us to this issue.
Updated packages:
Red Hat Linux 8.0
--------------------------------------------------------------------------------
SRPMS:
kernel-utils-2.4-8.28.src.rpm
[ via FTP ] [ via HTTP ] 6eac85b6523b2931db7d039b37b6a2e8
i386:
kernel-utils-2.4-8.28.i386.rpm
[ via FTP ] [ via HTTP ] 40a718a6037b55941a289fa6adc5f0f5
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
Note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Note that you must select kernel-utils explicitly on default configurations
of up2date.
Bugs fixed: (see bugzilla for more information)
83685 - uml_net executable allows users to do bad things
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0019
Keywords:
linux, mode, uml, user
--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at: http://www.redhat.com/solutions/security/news/publickey.html#key
You can verify each package and see who signed it with the following command:
rpm --checksig -v filename
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum filename
Note that you need RPM >= 3.0 to check GnuPG keys.
The Red Hat security contact is security@redhat.com. More contact details at
http://www.redhat.com/solutions/security/news/contact.html
[***** End RHSA-2003: 056-10 *****]
CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the
information contained in this bulletin.
DOE-CIRC can be contacted at:
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/