Really nasty Linux security bug

E Frank Ball frankb at efball.com
Fri Oct 19 14:31:36 PDT 2001


On Fri, Oct 19, 2001 at 11:53:58AM -0700, Dustin Mollo wrote:
} Hey all.  For those that don't read slashdot all that often, check out this
} email over on SecurityFocus.
} 
} http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
} 
} ObQuote:
} 
} There are two bugs present in Linux kernels 2.2.x, x<=19 and 2.4.y, y<=9.
} The first vulnerability results in local DoS. The second one, involving
} ptrace, can be used to gain root privileges locally (in case of default
} install of most popular distributions). Linux 2.0.x is not vulnerable to the
} ptrace bug mentioned.

The ptrace problem is easily fixed.  Log in as root and:
chmod u-s /usr/bin/newgrp

II. Root compromise by ptrace(3)
   In order for this flaw to be exploitable, /usr/bin/newgrp must be
   setuid root and world-executable. Additionally, newgrp, when run with no
   arguments, should not prompt for password. These
   conditions are satisfied in case of most popular Linux distributions (but
   not Openwall GNU/*/Linux)

-- 

   E Frank Ball                efball at efball.com
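
An added example, not part of the original post: a shell check for the two file-level preconditions quoted above (setuid root, world-executable), usable before and after the chmod. The function name `exposure_state` and its optional owner-UID argument are assumptions made for this example; it does not test the kernel version or whether newgrp prompts for a password.

```shell
#!/bin/sh
# Added example (not from the original post).
# exposure_state FILE [OWNER_UID]
#   Prints "exposed" when FILE is a regular file owned by OWNER_UID with both
#   the setuid bit and the other-execute bit set, "not-exposed" when any of
#   those is absent, and "missing" when FILE does not exist.
#   OWNER_UID defaults to 0 (root); the argument is an assumption added so the
#   check can be exercised on a scratch file without root.
exposure_state() {
    file=$1
    owner=${2:-0}
    if [ ! -e "$file" ]; then
        echo missing
        return 0
    fi
    # -H      follow a symlink given on the command line
    # -prune  do not descend if FILE happens to be a directory
    # -perm -4001  setuid bit AND world-execute bit must both be set
    if [ -n "$(find -H "$file" -prune -type f -user "$owner" -perm -4001 -print)" ]; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Report on the path named in the post.
echo "/usr/bin/newgrp: $(exposure_state /usr/bin/newgrp)"
```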
