(Fwd) Security Advisory Announcement
- Subject: (Fwd) Security Advisory Announcement
- From: Richard <nospam [at] zen.co.uk>
- Date: Jun 04 1999 14:12:39 EDT
And Open Caldera as well.........
------- Forwarded Message Follows -------
Date sent: 4 Jun 1999 17:45:56 -0000
From: listmaster [at] locutus.calderasystems.com
To: announce [at] lists.calderasystems.com
Subject: Security Advisory Announcement
Send reply to: info [at] calderasystems.com
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: Kernel handling of IP options can crash machine
Advisory number: CSSA-1999:013.0
Issue date: 1999 June 04
Cross reference:
______________________________________________________________________
1. Problem Description

   All Linux kernels up to version 2.2.9 have a bug
   in the handling of IP options that can be used to
   remotely crash the machine.

   An IP packet can contain a variable amount of extra information
   following the standard 20-byte header. These are called IP options.
   When receiving an IP packet with bogus options, all 2.2 kernels
   erroneously release the network buffer twice, causing memory
   corruption. This eventually leads to a system crash.

   This problem has been publicly disclosed on the bugtraq
   mailing list, and an exploit has been made available.

2. Vulnerable Versions

   Systems:  OpenLinux 2.2
   Packages: all Linux kernels up to
             linux-kernel-binary-2.2.5-2.i386.rpm

3. Solutions

   Upgrade to the latest kernel RPMS

      linux-kernel-binary-2.2.5-2.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -U linux-kernel-binary-2.2.5-2.i386.rpm

   start lilo, and reboot after upgrade

      /sbin/lilo
      /sbin/reboot

6. Verification

   92fb578c5a06f1d06c2d6f581aa213fe  README
   89a277e6e14d65c4ac405b56f394117b  RPMS/linux-kernel-binary-2.2.5-2.i386.rpm
   370fd253c92a524aa3eb99e938174840  SRPMS/linux-2.2.5-2.src.rpm

7. References

   This and other Caldera security resources are located at:

      http://www.calderasystems.com/news/security/index.html

   Additional documentation on this problem can be found in:

      http://www.geek-girl.com/bugtraq/1999_2/0604.html

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________
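
Added example (not part of the advisory and not kernel code): the advisory's Problem Description says IP options are the variable-length data after the standard 20-byte header. The sketch below walks that area using the RFC 791 layout and rejects options whose lengths do not fit, the kind of check a receiver or filter applies before acting on options. The function name, result codes and sample headers are this example's own constructions, and they do not reproduce the malformed packet the advisory refers to.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; the names are this example's own. */
enum { OPTS_OK = 0, OPTS_BAD_HEADER = -1, OPTS_BAD_OPTION = -2 };

/* Walk the options area of one IPv4 header (RFC 791 layout) and reject
 * any option whose length does not fit inside the header. */
int ipv4_options_check(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return OPTS_BAD_HEADER;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)
        return OPTS_BAD_HEADER;

    size_t i = 20;                 /* options follow the fixed 20 bytes */
    while (i < hlen) {
        uint8_t type = pkt[i];
        if (type == 0)             /* End of Option List: rest is padding */
            return OPTS_OK;
        if (type == 1) {           /* No-Operation: one byte, no length field */
            i++;
            continue;
        }
        if (hlen - i < 2)          /* no room left for a length byte */
            return OPTS_BAD_OPTION;
        uint8_t olen = pkt[i + 1]; /* counts type + length + data bytes */
        if (olen < 2 || (size_t)olen > hlen - i)
            return OPTS_BAD_OPTION;
        i += olen;
    }
    return OPTS_OK;
}

/* Constructed sample headers, not captured traffic; unused fields are 0. */
static const uint8_t sample_plain[20] = { 0x45 };            /* no options */
static const uint8_t sample_good[24] = { 0x46, [20] = 1, 1, 1, 0 };
static const uint8_t sample_overrun[24] = { 0x46, [20] = 7, 8, 4, 0 };
static const uint8_t sample_zero_len[24] = { 0x46, [20] = 7, 0 };

int main(void)
{
    int ok = ipv4_options_check(sample_plain, sizeof sample_plain) == OPTS_OK
          && ipv4_options_check(sample_good, sizeof sample_good) == OPTS_OK
          && ipv4_options_check(sample_overrun, sizeof sample_overrun) == OPTS_BAD_OPTION
          && ipv4_options_check(sample_zero_len, sizeof sample_zero_len) == OPTS_BAD_OPTION;
    return ok ? 0 : 1;
}
```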