SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   [Multiple Authors/Vendors]
(Caldera Issues Fix for OpenLinux) Linux Kernel TCP Syn Cookies Flaw Lets Remote Users Bypass Certain Firewall Rules to Access Protected Ports on the Server in Limited Cases
SecurityTracker Alert ID:  1002705
SecurityTracker URL:  http://securitytracker.com/id/1002705
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 6 2001
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux Kernel's firewalling of SYN packets when kernel syn cookie support is enabled. A remote user could access protected ports in certain limited cases.

It is reported that if syn cookies are enabled and being sent by the kernel (as would happen during a TCP SYN flood attack, for example), a remote user may be able to connect to certain firewalled ports that are protected by firewall rules filtering SYN packets.

Because of the syn cookies, the remote user is not required to send SYN packets to initiate the connection, only ACK packets are needed but with the restriction that the magic cookie is correct. A remote user can attempt to brute force guess the correct magic cookie by exploring approximately 16 million values (2^24). This can apparently be achieved within a few hours time against a server with a fast network connection.

This flaw was reportedly discovered by Manfred Spraul and patched by Andi Kleen from SuSE.

Impact:   If syn cookies are enabled and being sent, a remote user can attempt to guess a valid magic cookie and connect to a protected (firewalled) port.
Solution:   The vendor has released a fix. The following packages are affected:

OpenLinux 2.3, all packages previous to linux-2.2.10-14; OpenLinux eServer 2.3.1 and eBuilder, all packages previous to linux-2.2.14-13S; OpenLinux eDesktop 2.4, all packages previous to linux-2.2.14-9; OpenLinux Server 3.1, all packages previous to linux-2.4.2-14S; OpenLinux Workstation 3.1, all packages previous to linux-2.4.2-14D.

OpenLinux 2.3, available at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

Verification checksums are:

f112b7346070972c44770b562df912db linux-kernel-binary-2.2.10-14.i386.rpm
7a8d2803e68227576998b9c12fb90976 linux-kernel-doc-2.2.10-14.i386.rpm
8c9a3a28c69d03efb6e325e1f83eca9a linux-kernel-include-2.2.10-14.i386.rpm
29020f946a358838cde15d54ee6a294c linux-source-alpha-2.2.10-14.i386.rpm
0a841ec165ee97425afb8d86f74a2eb4 linux-source-arm-2.2.10-14.i386.rpm
dead286ad1491ceccabde12fd24eab88 linux-source-common-2.2.10-14.i386.rpm
b8e37b6be024ceb02dbcff7e9191e067 linux-source-i386-2.2.10-14.i386.rpm
9789e6ea513b88f8dbdf4fd58405c69f linux-source-m68k-2.2.10-14.i386.rpm
14ae8aa4e6e075b1ce891048b4eb25ed linux-source-mips-2.2.10-14.i386.rpm
d85b4cc17890c262a776bef9c100aa07 linux-source-ppc-2.2.10-14.i386.rpm
9a4398514eea89a9cae7bd28038b7d6b linux-source-sparc-2.2.10-14.i386.rpm
5f0c0e296f83cc1a0ed8e8f2b03087ba linux-source-sparc64-2.2.10-14.i386.rpm
25901d75de5b22e8eda388895a261564 pcmcia-cs-3.0.14-5.i386.rpm
dfe1a96017b6a43949d740a5a2f17369 linux-2.2.10-14.src.rpm
f07c67c7eeb6778d2b7320591bbecd14 pcmcia-cs-3.0.14-5.src.rpm


OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0, available at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

Verification checksums are:

e2f0150caeb4d7318716d05d5d4cb32e linux-kernel-binary-2.2.14-13S.i386.rpm
9c0940b9a84ff72c8a40e8a10add3d4b linux-kernel-doc-2.2.14-13S.i386.rpm
8cdfa9651a5e75d04a095696d4681663 linux-kernel-include-2.2.14-13S.i386.rpm
db564909d2065c238271ae63c9ffd49a linux-source-alpha-2.2.14-13S.i386.rpm
4f80288d523347ec39e9cc38e7230f50 linux-source-arm-2.2.14-13S.i386.rpm
9c915c6026e86680299522da3e053e72 linux-source-common-2.2.14-13S.i386.rpm
c7f9415335c293a9878b18abb5ed1864 linux-source-i386-2.2.14-13S.i386.rpm
3218946ecbd2b98c6661770757fa4e8d linux-source-m68k-2.2.14-13S.i386.rpm
6ab8925bdf73efe2b014ebcd3c2188bc linux-source-mips-2.2.14-13S.i386.rpm
035a4e5970bf0dc709c301daf751bc67 linux-source-ppc-2.2.14-13S.i386.rpm
d611132b945774cb4b3a0e57ef323f1b linux-source-sparc-2.2.14-13S.i386.rpm
3b4048225724cab325a247d66bac2afe linux-source-sparc64-2.2.14-13S.i386.rpm
d653ecbe3fa48e87f6c6ebbce81d8345 pcmcia-cs-3.1.4-5.i386.rpm
222e40903ce9f4fa823485984764369e linux-2.2.14-13S.src.rpm
d78e703763fe9828627006706d65292e pcmcia-cs-3.1.4-5.src.rpm

OpenLinux eDesktop 2.4, available at:

ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

Verification checksums:

3274fe3fbb7b302d6d0bee7186820fef hwprobe-20000214-6.i386.rpm
064ebec44665beb14eaa85ad4ecfc838 iBCS-2.1-12.i386.rpm
d87d3c6f0cb937a0e51e68c6984b2c62 iBCS-extras-2.1-12.i386.rpm
7fd4443b17bc58f072572548b3c54886 iBCS-module-2.1_2.2.14-12.i386.rpm
4366e46e2ff02f9dadde291a483f1cf2 linux-kernel-binary-2.2.14-9.i386.rpm
d54b1d4e4ad58022d5298e8c5359dad9 linux-kernel-doc-2.2.14-9.i386.rpm
320d182140b90c771993b031c66f2d4a linux-kernel-include-2.2.14-9.i386.rpm
ad69ebbc9d8ee30de552e81f5c3b3cdf linux-source-alpha-2.2.14-9.i386.rpm
3f5434fc2fe4486e258a5981cd65dc36 linux-source-arm-2.2.14-9.i386.rpm
a8fc5f92bf99b27674772966f390ce1d linux-source-common-2.2.14-9.i386.rpm
6fd8bde1cd3caf58195f6be09983a9cf linux-source-i386-2.2.14-9.i386.rpm
997e6d546da8149c8a9b4e78932a3ab5 linux-source-m68k-2.2.14-9.i386.rpm
27dcf591ef399c3b1a02011900cf92e3 linux-source-mips-2.2.14-9.i386.rpm
ce4998917dcded5161b954672b9e7728 linux-source-ppc-2.2.14-9.i386.rpm
7b258bc6c66ac6d9305bc71e41ecd24c linux-source-sparc-2.2.14-9.i386.rpm
fb5d48c243c3b10067f59f58f6f922f4 linux-source-sparc64-2.2.14-9.i386.rpm
d4fbca082ccb49d9a9ed26b2e4868767 pcmcia-cs-3.1.8-5.i386.rpm
b5465215f5dbe5c430e684a9899af9f7 hwprobe-20000214-6.src.rpm
ccbfc2eab5d5111866abcba90e551116 iBCS-2.1-12.src.rpm
ada8415ed350c5013bf29fc84931741b linux-2.2.14-9.src.rpm
14b4fb11304a0083ee44edd27dba4543 pcmcia-cs-3.1.8-5.src.rpm

OpenLinux 3.1 Server, available at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

Verification checksums:

87b5f36b72bb16e6e834c59233106b37 linux-kernel-binary-2.4.2-14S.i386.rpm
5188757fbd1cbcc307d53c0bbbba6aed linux-kernel-include-2.4.2-14S.i386.rpm
4723ba116d77e1afaaab9108d4f67392 linux-source-alpha-2.4.2-14S.i386.rpm
8d5b667a2238e549d01523a9028d0def linux-source-arm-2.4.2-14S.i386.rpm
7b1040fce5eb2c13069f12e0f98f459f linux-source-common-2.4.2-14S.i386.rpm
d4d72adbd977c3cd736d6d292fa96f66 linux-source-i386-2.4.2-14S.i386.rpm
e13ee045818e08ea58ebac07e3a7683b linux-source-ia64-2.4.2-14S.i386.rpm
63f8af9364b41a5ed8529922b2b86085 linux-source-m68k-2.4.2-14S.i386.rpm
1efcb66cef3cfb73267bc383192977e5 linux-source-mips-2.4.2-14S.i386.rpm
eb531f7e844276dadcfb64a61e14d91b linux-source-ppc-2.4.2-14S.i386.rpm
bdbb2c789f16563881f1bb24384a1e13 linux-source-s390-2.4.2-14S.i386.rpm
afab346de67d5298b680d9f3f585df85 linux-source-sparc-2.4.2-14S.i386.rpm
4365699de967a365b09f92f683447b90 linux-source-superH-2.4.2-14S.i386.rpm
38226719588775988ffdd5db0adacb10 linux-2.4.2-14S.src.rpm

OpenLinux 3.1 Workstation, available at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

Verification checksums are:

b170636148d3d057237913b3870d916f linux-kernel-binary-2.4.2-14D.i386.rpm
a1f3dd1fe8ac717999a8fc963227c40e linux-kernel-include-2.4.2-14D.i386.rpm
b033e7f2b3bea97b65b636cc5ab67de9 linux-source-alpha-2.4.2-14D.i386.rpm
c8fd9e36df0d6008fad4c3beb31e3bdb linux-source-arm-2.4.2-14D.i386.rpm
452b0df69c68d10f3bdac57c08e9cf17 linux-source-common-2.4.2-14D.i386.rpm
d7e8c4157df7a7b9bb0116f673c67b1d linux-source-i386-2.4.2-14D.i386.rpm
25911c50aa631b48712da3b877eb4c72 linux-source-ia64-2.4.2-14D.i386.rpm
3ea9d607e08b15ff646d45100754c05f linux-source-m68k-2.4.2-14D.i386.rpm
339be8f2e0fd2eafefb41c256acf0412 linux-source-mips-2.4.2-14D.i386.rpm
47ce33f13fde399aa62b0d20b677150b linux-source-ppc-2.4.2-14D.i386.rpm
9a3f948f6e104bb7bbc8c2105b218bcf linux-source-s390-2.4.2-14D.i386.rpm
fa3416e60a2af27c529a72cf446885ed linux-source-sparc-2.4.2-14D.i386.rpm
07f6fc32a1002845413fc77bdd7c61f0 linux-source-superH-2.4.2-14D.i386.rpm
1d13bd90b32d5fa065b0afa2484df0f2 linux-2.4.2-14D.src.rpm

See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.

Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Caldera/SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 2 2001 Linux Kernel TCP Syn Cookies Flaw Lets Remote Users Bypass Certain Firewall Rules to Access Protected Ports on the Server in Limited Cases



 Source Message Contents

Subject:  Security Update: [CSSA-2001-38.0] Linux - syncookies firewall breaking problem


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - syncookies firewall breaking problem
Advisory number: 	CSSA-2001-038.0
Issue date: 		2001, November 05
Cross reference:
______________________________________________________________________________


1. Problem Description

   The Linux kernel implements a method called 'syn cookies' to avoid
   denial of service attacks by using a stateless connection setup.

   There is also a common form of firewalls, which are based on SYN
   filtering to block only incoming TCP connections, but let outgoing
   connections pass.

   Unfortunately the syncookies design allows a remote attacker to
   bypass SYN filtering firewalls in case there is one open port which
   the attacker can flood.

   The Linux 2.2 and 2.4 kernels had the syncookies state as a systemwide
   global, so it was enabled for all sockets at once in case of flood to
   an open port, allowing a remote attacker to gain access to firewalled
   ports, effectively bypassing the firewall.

   Even though the attack requires a very large number of IP packets,
   it is not unthinkable for a determined attacker to exploit this problem.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 All packages previous to      
                                 linux-2.2.10-14 
   
   OpenLinux eServer 2.3.1       All packages previous to      
   and OpenLinux eBuilder        linux-2.2.14-13S
   
   OpenLinux eDesktop 2.4        All packages previous to      
                                 linux-2.2.14-9            
   
   OpenLinux Server 3.1          All packages previous to      
                                 linux-2.4.2-14S 
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 linux-2.4.2-14D 
   


3. Solution

   Workaround

     Disable syncookies by doing:

     	echo -n 0 > /proc/sys/net/ipv4/tcp_syncookies

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       f112b7346070972c44770b562df912db  linux-kernel-binary-2.2.10-14.i386.rpm
       7a8d2803e68227576998b9c12fb90976  linux-kernel-doc-2.2.10-14.i386.rpm
       8c9a3a28c69d03efb6e325e1f83eca9a  linux-kernel-include-2.2.10-14.i386.rpm
       29020f946a358838cde15d54ee6a294c  linux-source-alpha-2.2.10-14.i386.rpm
       0a841ec165ee97425afb8d86f74a2eb4  linux-source-arm-2.2.10-14.i386.rpm
       dead286ad1491ceccabde12fd24eab88  linux-source-common-2.2.10-14.i386.rpm
       b8e37b6be024ceb02dbcff7e9191e067  linux-source-i386-2.2.10-14.i386.rpm
       9789e6ea513b88f8dbdf4fd58405c69f  linux-source-m68k-2.2.10-14.i386.rpm
       14ae8aa4e6e075b1ce891048b4eb25ed  linux-source-mips-2.2.10-14.i386.rpm
       d85b4cc17890c262a776bef9c100aa07  linux-source-ppc-2.2.10-14.i386.rpm
       9a4398514eea89a9cae7bd28038b7d6b  linux-source-sparc-2.2.10-14.i386.rpm
       5f0c0e296f83cc1a0ed8e8f2b03087ba  linux-source-sparc64-2.2.10-14.i386.rpm
       25901d75de5b22e8eda388895a261564  pcmcia-cs-3.0.14-5.i386.rpm
       dfe1a96017b6a43949d740a5a2f17369  linux-2.2.10-14.src.rpm
       f07c67c7eeb6778d2b7320591bbecd14  pcmcia-cs-3.0.14-5.src.rpm
       

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:


	 /sbin/modprobe loop
         rpm -Fvh --force linux-kernel-binary-2.2.10-14.i386.rpm \
              linux-kernel-doc-2.2.10-14.i386.rpm \
              linux-kernel-include-2.2.10-14.i386.rpm \
              linux-source-alpha-2.2.10-14.i386.rpm \
              linux-source-arm-2.2.10-14.i386.rpm \
              linux-source-common-2.2.10-14.i386.rpm \
              linux-source-i386-2.2.10-14.i386.rpm \
              linux-source-m68k-2.2.10-14.i386.rpm \
              linux-source-mips-2.2.10-14.i386.rpm \
              linux-source-ppc-2.2.10-14.i386.rpm \
              linux-source-sparc-2.2.10-14.i386.rpm \
              linux-source-sparc64-2.2.10-14.i386.rpm \
              pcmcia-cs-3.0.14-5.i386.rpm
         

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       e2f0150caeb4d7318716d05d5d4cb32e  linux-kernel-binary-2.2.14-13S.i386.rpm
       9c0940b9a84ff72c8a40e8a10add3d4b  linux-kernel-doc-2.2.14-13S.i386.rpm
       8cdfa9651a5e75d04a095696d4681663  linux-kernel-include-2.2.14-13S.i386.rpm
       db564909d2065c238271ae63c9ffd49a  linux-source-alpha-2.2.14-13S.i386.rpm
       4f80288d523347ec39e9cc38e7230f50  linux-source-arm-2.2.14-13S.i386.rpm
       9c915c6026e86680299522da3e053e72  linux-source-common-2.2.14-13S.i386.rpm
       c7f9415335c293a9878b18abb5ed1864  linux-source-i386-2.2.14-13S.i386.rpm
       3218946ecbd2b98c6661770757fa4e8d  linux-source-m68k-2.2.14-13S.i386.rpm
       6ab8925bdf73efe2b014ebcd3c2188bc  linux-source-mips-2.2.14-13S.i386.rpm
       035a4e5970bf0dc709c301daf751bc67  linux-source-ppc-2.2.14-13S.i386.rpm
       d611132b945774cb4b3a0e57ef323f1b  linux-source-sparc-2.2.14-13S.i386.rpm
       3b4048225724cab325a247d66bac2afe  linux-source-sparc64-2.2.14-13S.i386.rpm
       d653ecbe3fa48e87f6c6ebbce81d8345  pcmcia-cs-3.1.4-5.i386.rpm
       222e40903ce9f4fa823485984764369e  linux-2.2.14-13S.src.rpm
       d78e703763fe9828627006706d65292e  pcmcia-cs-3.1.4-5.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.2.14-13S.i386.rpm \
              linux-kernel-doc-2.2.14-13S.i386.rpm \
              linux-kernel-include-2.2.14-13S.i386.rpm \
              linux-source-alpha-2.2.14-13S.i386.rpm \
              linux-source-arm-2.2.14-13S.i386.rpm \
              linux-source-common-2.2.14-13S.i386.rpm \
              linux-source-i386-2.2.14-13S.i386.rpm \
              linux-source-m68k-2.2.14-13S.i386.rpm \
              linux-source-mips-2.2.14-13S.i386.rpm \
              linux-source-ppc-2.2.14-13S.i386.rpm \
              linux-source-sparc-2.2.14-13S.i386.rpm \
              linux-source-sparc64-2.2.14-13S.i386.rpm \
              pcmcia-cs-3.1.4-5.i386.rpm
         

6. OpenLinux eDesktop 2.4

    6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       3274fe3fbb7b302d6d0bee7186820fef  hwprobe-20000214-6.i386.rpm
       064ebec44665beb14eaa85ad4ecfc838  iBCS-2.1-12.i386.rpm
       d87d3c6f0cb937a0e51e68c6984b2c62  iBCS-extras-2.1-12.i386.rpm
       7fd4443b17bc58f072572548b3c54886  iBCS-module-2.1_2.2.14-12.i386.rpm
       4366e46e2ff02f9dadde291a483f1cf2  linux-kernel-binary-2.2.14-9.i386.rpm
       d54b1d4e4ad58022d5298e8c5359dad9  linux-kernel-doc-2.2.14-9.i386.rpm
       320d182140b90c771993b031c66f2d4a  linux-kernel-include-2.2.14-9.i386.rpm
       ad69ebbc9d8ee30de552e81f5c3b3cdf  linux-source-alpha-2.2.14-9.i386.rpm
       3f5434fc2fe4486e258a5981cd65dc36  linux-source-arm-2.2.14-9.i386.rpm
       a8fc5f92bf99b27674772966f390ce1d  linux-source-common-2.2.14-9.i386.rpm
       6fd8bde1cd3caf58195f6be09983a9cf  linux-source-i386-2.2.14-9.i386.rpm
       997e6d546da8149c8a9b4e78932a3ab5  linux-source-m68k-2.2.14-9.i386.rpm
       27dcf591ef399c3b1a02011900cf92e3  linux-source-mips-2.2.14-9.i386.rpm
       ce4998917dcded5161b954672b9e7728  linux-source-ppc-2.2.14-9.i386.rpm
       7b258bc6c66ac6d9305bc71e41ecd24c  linux-source-sparc-2.2.14-9.i386.rpm
       fb5d48c243c3b10067f59f58f6f922f4  linux-source-sparc64-2.2.14-9.i386.rpm
       d4fbca082ccb49d9a9ed26b2e4868767  pcmcia-cs-3.1.8-5.i386.rpm
       b5465215f5dbe5c430e684a9899af9f7  hwprobe-20000214-6.src.rpm
       ccbfc2eab5d5111866abcba90e551116  iBCS-2.1-12.src.rpm
       ada8415ed350c5013bf29fc84931741b  linux-2.2.14-9.src.rpm
       14b4fb11304a0083ee44edd27dba4543  pcmcia-cs-3.1.8-5.src.rpm
       

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /sbin/modprobe loop
         rpm -Fvh hwprobe-20000214-6.i386.rpm iBCS-2.1-12.i386.rpm \
              iBCS-extras-2.1-12.i386.rpm \
              iBCS-module-2.1_2.2.14-12.i386.rpm \
              linux-kernel-binary-2.2.14-9.i386.rpm \
              linux-kernel-doc-2.2.14-9.i386.rpm \
              linux-kernel-include-2.2.14-9.i386.rpm \
              linux-source-alpha-2.2.14-9.i386.rpm \
              linux-source-arm-2.2.14-9.i386.rpm \
              linux-source-common-2.2.14-9.i386.rpm \
              linux-source-i386-2.2.14-9.i386.rpm \
              linux-source-m68k-2.2.14-9.i386.rpm \
              linux-source-mips-2.2.14-9.i386.rpm \
              linux-source-ppc-2.2.14-9.i386.rpm \
              linux-source-sparc-2.2.14-9.i386.rpm \
              linux-source-sparc64-2.2.14-9.i386.rpm \
              pcmcia-cs-3.1.8-5.i386.rpm
         

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       87b5f36b72bb16e6e834c59233106b37  linux-kernel-binary-2.4.2-14S.i386.rpm
       5188757fbd1cbcc307d53c0bbbba6aed  linux-kernel-include-2.4.2-14S.i386.rpm
       4723ba116d77e1afaaab9108d4f67392  linux-source-alpha-2.4.2-14S.i386.rpm
       8d5b667a2238e549d01523a9028d0def  linux-source-arm-2.4.2-14S.i386.rpm
       7b1040fce5eb2c13069f12e0f98f459f  linux-source-common-2.4.2-14S.i386.rpm
       d4d72adbd977c3cd736d6d292fa96f66  linux-source-i386-2.4.2-14S.i386.rpm
       e13ee045818e08ea58ebac07e3a7683b  linux-source-ia64-2.4.2-14S.i386.rpm
       63f8af9364b41a5ed8529922b2b86085  linux-source-m68k-2.4.2-14S.i386.rpm
       1efcb66cef3cfb73267bc383192977e5  linux-source-mips-2.4.2-14S.i386.rpm
       eb531f7e844276dadcfb64a61e14d91b  linux-source-ppc-2.4.2-14S.i386.rpm
       bdbb2c789f16563881f1bb24384a1e13  linux-source-s390-2.4.2-14S.i386.rpm
       afab346de67d5298b680d9f3f585df85  linux-source-sparc-2.4.2-14S.i386.rpm
       4365699de967a365b09f92f683447b90  linux-source-superH-2.4.2-14S.i386.rpm
       38226719588775988ffdd5db0adacb10  linux-2.4.2-14S.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.4.2-14S.i386.rpm \
              linux-kernel-include-2.4.2-14S.i386.rpm \
              linux-source-alpha-2.4.2-14S.i386.rpm \
              linux-source-arm-2.4.2-14S.i386.rpm \
              linux-source-common-2.4.2-14S.i386.rpm \
              linux-source-i386-2.4.2-14S.i386.rpm \
              linux-source-ia64-2.4.2-14S.i386.rpm \
              linux-source-m68k-2.4.2-14S.i386.rpm \
              linux-source-mips-2.4.2-14S.i386.rpm \
              linux-source-ppc-2.4.2-14S.i386.rpm \
              linux-source-s390-2.4.2-14S.i386.rpm \
              linux-source-sparc-2.4.2-14S.i386.rpm \
              linux-source-superH-2.4.2-14S.i386.rpm
         
	 /sbin/depmod -a

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       b170636148d3d057237913b3870d916f  linux-kernel-binary-2.4.2-14D.i386.rpm
       a1f3dd1fe8ac717999a8fc963227c40e  linux-kernel-include-2.4.2-14D.i386.rpm
       b033e7f2b3bea97b65b636cc5ab67de9  linux-source-alpha-2.4.2-14D.i386.rpm
       c8fd9e36df0d6008fad4c3beb31e3bdb  linux-source-arm-2.4.2-14D.i386.rpm
       452b0df69c68d10f3bdac57c08e9cf17  linux-source-common-2.4.2-14D.i386.rpm
       d7e8c4157df7a7b9bb0116f673c67b1d  linux-source-i386-2.4.2-14D.i386.rpm
       25911c50aa631b48712da3b877eb4c72  linux-source-ia64-2.4.2-14D.i386.rpm
       3ea9d607e08b15ff646d45100754c05f  linux-source-m68k-2.4.2-14D.i386.rpm
       339be8f2e0fd2eafefb41c256acf0412  linux-source-mips-2.4.2-14D.i386.rpm
       47ce33f13fde399aa62b0d20b677150b  linux-source-ppc-2.4.2-14D.i386.rpm
       9a3f948f6e104bb7bbc8c2105b218bcf  linux-source-s390-2.4.2-14D.i386.rpm
       fa3416e60a2af27c529a72cf446885ed  linux-source-sparc-2.4.2-14D.i386.rpm
       07f6fc32a1002845413fc77bdd7c61f0  linux-source-superH-2.4.2-14D.i386.rpm
       1d13bd90b32d5fa065b0afa2484df0f2  linux-2.4.2-14D.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /sbin/modprobe loop
         rpm -Fvh linux-kernel-binary-2.4.2-14D.i386.rpm \
              linux-kernel-include-2.4.2-14D.i386.rpm \
              linux-source-alpha-2.4.2-14D.i386.rpm \
              linux-source-arm-2.4.2-14D.i386.rpm \
              linux-source-common-2.4.2-14D.i386.rpm \
              linux-source-i386-2.4.2-14D.i386.rpm \
              linux-source-ia64-2.4.2-14D.i386.rpm \
              linux-source-m68k-2.4.2-14D.i386.rpm \
              linux-source-mips-2.4.2-14D.i386.rpm \
              linux-source-ppc-2.4.2-14D.i386.rpm \
              linux-source-s390-2.4.2-14D.i386.rpm \
              linux-source-sparc-2.4.2-14D.i386.rpm \
              linux-source-superH-2.4.2-14D.i386.rpm
         
	 /sbin/depmod -a


9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10835.


10. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

11. Acknowledgements

   Caldera International Inc. wants to thank Andi Kleen of SuSE for
   spotting and sending a patch and David Miller for refining it.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE75qM/18sy83A/qfwRAmQWAJ9+1yMqGz7TmiV5qO1bvgYpQjASuQCgtP6q
+bK2B7diVD8AM78+qv5yYkI=
=8D+y
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC