Linux root compromise, please upgrade your kernel

Digital Wokan plug-discuss@lists.PLUG.phoenix.az.us
Sat, 20 Oct 2001 07:07:24 -0700


Newgrp was used as an example; the vulnerability can exist in any suid
program that allows the creation of a shell (not sure what the
requirements are, check the actual vulnerability report).
This is NOT something to panic over if you're a home user (unless you
use telnet to access your machine remotely, then you should be slapped
around and sat down in Linux Admin 101 after you've disabled telnet,
installed ssh, and changed all your passwords).  It's a local root
exploit, not a remote one.  Don't freak just because you've got your
system hooked up to the Internet with a 2.4.x or 2.2.x kernel (see
telnet disclaimer above).
I'm happy with my 2.4.7 on my systems since I don't expect my 2-year-old
to be trying to root dad's boxes yet.  (Maybe when she's four.)

Matt Alexander wrote:
> 
> As a quick fix, remove the suid bit from /usr/bin/newgrp.
> 
> chmod -s /usr/bin/newgrp
> 
> On Sat, 20 Oct 2001, Jason wrote:
> 
> > Hey wait a minute, the newest 2.2 kernel on sunsite IS 2.2.19
> >
> > Splendid.
> >
> > > Matt Alexander wrote:
> > > >
> > > > Root compromise is possible in kernels 2.2.x (x <= 19) up through 2.4.y
> > > > (y <= 9).
> > > >
> > > > Here's more info:
> > > >
> > > > http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
> > > >
> > > > If you've got a system with multiple users, please upgrade your kernel.
> > > > ~M
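
Added example (not part of the thread and not the posters' code): a shell sketch that checks a kernel version string against the ranges quoted above and lists setuid files, since the reply notes that newgrp is only one possible suid program. The function names, the scanned directories, and the reading that only the 2.2.x and 2.4.y series are covered are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Ranges are the ones the thread
# states: 2.2.x with x <= 19 and 2.4.y with y <= 9 (assumed: only these series).

# kernel_affected VERSION
# Returns 0 if VERSION is in a stated range, 1 if not, 2 if unparseable.
kernel_affected() {
    case $1 in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}        # "9-13" (constructed vendor suffix) -> "9"
    [ -n "$patch" ] || return 2
    case "$major.$minor" in
        2.2) [ "$patch" -le 19 ] ;;
        2.4) [ "$patch" -le 9 ] ;;
        *)   return 1 ;;
    esac
}

# list_setuid DIR...
# Prints every regular file under the given directories with the setuid bit
# set, staying on one filesystem. Unreadable directories are skipped silently.
list_setuid() {
    find "$@" -xdev -type f -perm -4000 -print 2>/dev/null
}

# audit: report on the running kernel and, if it is in range, list the
# setuid files in the usual binary directories (assumed paths) for review.
audit() {
    rel=$(uname -r)
    if kernel_affected "$rel"; then
        echo "kernel $rel is in the affected range; setuid files to review:"
        list_setuid /bin /sbin /usr/bin /usr/sbin
    else
        echo "kernel $rel is outside the ranges given in the thread"
    fi
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then audit; fi
```

Run it as `sh script.sh --run`; each listed file is a candidate for the same `chmod -s` treatment until the kernel is upgraded, at the cost of breaking that program for non-root users.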