RedHat Kernel Errata fixing 2 serious bugs

Discuss and suggest new grsecurity features

RedHat Kernel Errata fixing 2 serious bugs

Postby superbock » Thu May 15, 2003 1:45 am

Hi!

RedHat released an errata for their kernel package, that fixes 2 security bugs (with the TCP/IP stack and ioperm()).

More info here:

http://marc.theaimsgroup.com/?l=bk-comm ... 607144&w=2

http://bugzilla.kernel.org/show_bug.cgi?id=703


Regards
superbock
 
Posts: 37
Joined: Sun Mar 31, 2002 6:34 pm

Re: RedHat Kernel Errata fixing 2 serious bugs

Postby DMZ » Sun May 18, 2003 10:53 pm

superbock wrote:Hi!

RedHat released an errata for their kernel package, that fixes 2 security bugs (with the TCP/IP stack and ioperm()).

More info here:

http://marc.theaimsgroup.com/?l=bk-comm ... 607144&w=2

http://bugzilla.kernel.org/show_bug.cgi?id=703


Regards


The ioperm privilege fix was recently added to grsecurity in CVS. However, that still leaves the route cache flooding DOS vulnerability.

It really does look like the 2.4.20 kernel is in a bit of a state when it comes to vulnerabilities. To illustrate, here's a rundown of some of the recent flaws:

Race in ptrace/kmem:
    2.4.20: not fixed
    2.4.21-pre6: fixed
    2.4.21-rc2: fixup to the fix
    grsecurity: both fixed
Improper ioperm privileges: (trivial to patch)
    2.4.20: not fixed
    2.4.21-rc2: not fixed
    grsecurity: fixed
Route cache flooding DOS:
    2.4.20: not fixed
    2.4.21-rc2: fixed
    grsecurity: not fixed
make xconfig: (not a vulnerability, but it annoyed me)
    2.4.21-pre7: broken from here on
Redhat's 2.4.20 is on 2.4.21-pre3 and seems to track the -ac tree, has around 150 patches total (based on RH 8, I won't mention 9 since NPTL is incompatible with grsecurity) - the situation there is a lot more complex.

Probably not a good time for Spender to lose his connectivity for a week! To this end, I spent the weekend merging Friday's CVS snapshot of grsecurity diffed against 2.4.20 into the 2.4.21-rc2 (not tested yet), probably an ill-advised move since I've been caught like this once before (around 6 months' ago) - I imagine Brad already has a copy running against rc2.

Applying nethashfix to 2.4.20 is also a possibility [edit: in fact it's trivial], I won't second-guess what the grsecurity team are going to do about this remaining vulnerability, though.
DMZ
 
Posts: 9
Joined: Sat Nov 16, 2002 5:08 pm

Postby goal » Tue May 27, 2003 3:01 pm

Evening all,

Just wondering if there's any update on these kernel vulnerabilities being included in an updated grsec. Reluctant to move to a non-grsec kernel on lots of machines, but likewise don't want to live with knowing they're unpatched.

Cheers.
goal
 
Posts: 3
Joined: Tue May 27, 2003 2:58 pm

Postby goal » Tue Jun 03, 2003 7:31 am

Brad? Any word on this?
goal
 
Posts: 3
Joined: Tue May 27, 2003 2:58 pm


Return to grsecurity development

cron