Date: 26 June 2001
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.258 -- RHSA-2001:084-03
Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes
26 June 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iptables
Vendor: Red Hat
Operating System: Red Hat Linux 7.1
Platform: i386, i586, i686
Impact: Reduced Security
Access Required: Remote
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes
Advisory ID: RHSA-2001:084-03
Issue date: 2001-06-21
Updated on: 2001-06-21
Product: Red Hat Linux
Keywords: iptables FTP ip_conntrack_ftp kernel
Cross references:
Obsoletes: RHSA-2001:052-02
- ---------------------------------------------------------------------
1. Topic:
A security hole has been found that does not affect the default
configuration of Red Hat Linux, but it can affect some custom
configurations of Red Hat Linux 7.1. The bug is specific
to the Linux 2.4 kernel series. Aside from the fix, countless bugfixes
have been applied to this kernel as a result of code audits by the
MC project of Stanford University and others.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - i386, i586, i686
3. Problem description:
A vulnerability in iptables "RELATED" connection tracking has been
discovered. When using iptables to allow FTP "RELATED" connections
through the firewall, carefully constructed PORT commands can open
arbitrary holes in the firewall.
Default installations of Red Hat Linux 7.1 are not vulnerable; however,
upgrading to this kernel is recommended regardless, in order to benefit from
the other bug fixes it contains.
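The weakness described above lies in how an FTP connection-tracking helper turns the address carried in a client's PORT command into a RELATED expectation. One standard mitigation is to refuse the expectation unless the advertised address equals the peer address of the control connection on which the command arrived. The following Python is an added, user-space model of that check; it is not code from the advisory or from Red Hat's kernel, and the function names, the `client_ip` parameter and the sample PORT lines are assumptions made for illustration only.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : address h1.h2.h3.h4, data port p1*256 + p2 (RFC 959).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Parse one FTP control-channel line as a PORT command.

    Returns (IPv4Address, port) or None when the line is not a well-formed
    PORT command (wrong field count, octet/byte above 255, or port 0).
    """
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]
    if port == 0:
        return None
    return ip, port


def should_create_expectation(line, client_ip):
    """Decide whether a helper should open a RELATED hole for this PORT line.

    Hardened policy (an assumption for this illustration): the address the
    client advertises must be the client's own control-connection address.
    Returns (allowed, reason).
    """
    parsed = parse_port(line)
    if parsed is None:
        return False, "malformed PORT command; no expectation created"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return False, (f"PORT address {ip} differs from control-connection "
                       f"peer {client_ip}; refusing to open a hole")
    return True, f"expect data connection to {ip}:{port}"


if __name__ == "__main__":
    # Constructed sample lines as they would appear on a control channel
    # whose peer is 192.168.1.10 (a constructed address).
    peer = "192.168.1.10"
    for sample in ("PORT 192,168,1,10,4,1",   # client's own address: allowed
                   "PORT 10,0,0,5,4,1",       # third-party address: refused
                   "PORT 192,168,1,10,4",     # too few fields: refused
                   "PORT 300,1,1,1,4,1"):     # octet out of range: refused
        allowed, reason = should_create_expectation(sample, peer)
        print(f"{sample!r}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

The address comparison is the whole point: a helper that trusts the PORT payload unconditionally lets the control connection's peer name any address, and the firewall then opens a RELATED entry towards that address. Tying the expectation to the peer it already knows removes that freedom without disturbing ordinary active-mode transfers.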
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
The procedure for upgrading the kernel is documented at:
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
26999 - drm:r128_do_wait_for_fifo
29140 - Garbage output reported in kernel startup scanning DMA zones
29573 - erroneous IRQ conflict message
29555 - [aic7xxx] Installer hangs loading the aic7xxx module
29730 - Installer hangs when mounting IDE CDROM
31769 - Kernel fails to load cs46xx module on an IBM Thinkpad T20
32723 - No Bass on Sound Blaster Live (emu10k1 chip) on 2.4.x kernel
36897 - missing entry in listing of an NFS directory served by IRIX
38429 - Ext2 file corruption with RH71 2.4.2-2 kernel and ServerWorks chipset
38536 - ide=reverse option not in install kernel
38588 - Installer hangs during package upgrades from 6.2
39445 - pcnet32: warning: PROM address does not match CSR addre
39468 - Integration of TUX broke higher number system calls
39845 - mtrr not working properly (kernel 2.4.2-2)
40123 - Rebuild of custom kernel fails with 'undefined reference'
40793 - PCMCIA services fail to recognize inserts and removals on Dell Latitude CPx with more than 256Mb RAM
41353 - Poweroff crashes just before it should power down
41856 - mtrr (write-combining) messages on Athlon 1300
43659 - Installer hangs when sym58c8xx driver loading for Tekram DC-390U3W
43940 - wvlan_cs update to 1.07 in 2.4.3-track
6. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.3-12.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/devfsd-2.4.3-12.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.3-12.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.3-12.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.3-12.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-headers-2.4.3-12.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.3-12.i386.rpm
i586:
ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.3-12.i586.rpm
ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.3-12.i586.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.3-12.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-enterprise-2.4.3-12.i686.rpm
ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.3-12.i686.rpm
7. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
4fc88b39d9a4c133383e26e169ea0028 7.1/en/os/SRPMS/kernel-2.4.3-12.src.rpm
56441741db1afc54585c09d5d70958d2 7.1/en/os/i386/devfsd-2.4.3-12.i386.rpm
dc7d6ca72aa0a81cd9070ac41c00c084 7.1/en/os/i386/kernel-2.4.3-12.i386.rpm
33eaefca0670a7908d2dd27bae24937a 7.1/en/os/i386/kernel-BOOT-2.4.3-12.i386.rpm
d6494b754931b3f8cad2a9db985e9183 7.1/en/os/i386/kernel-doc-2.4.3-12.i386.rpm
6409be31e631616ad1382dd8abe49009 7.1/en/os/i386/kernel-headers-2.4.3-12.i386.rpm
047d31db622884f59036b2de6c02f72a 7.1/en/os/i386/kernel-source-2.4.3-12.i386.rpm
f2c2424f9ab4e04ae10ca81ef971edca 7.1/en/os/i586/kernel-2.4.3-12.i586.rpm
dc5b453ba1f85cbe7747c016fe957c5c 7.1/en/os/i586/kernel-smp-2.4.3-12.i586.rpm
6e4dfbf5e9381a7c37113f61d77276df 7.1/en/os/i686/kernel-2.4.3-12.i686.rpm
0ef5481dd241cdae1df75b7f4cd3a213 7.1/en/os/i686/kernel-enterprise-2.4.3-12.i686.rpm
5588b32b37b96493ce4d37eaaa1e2f3f 7.1/en/os/i686/kernel-smp-2.4.3-12.i686.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
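The MD5 table in section 7 can be checked mechanically against a local mirror of the downloads before the packages are installed. The Python below is an added example, not Red Hat's or AusCERT's tooling: it parses lines in the advisory's `<md5> <path>` layout, hashes each listed package found under a local root, and reports every entry as ok, mismatch or missing. The directory layout, file names and digests in `demo()` are constructed for the illustration. Like `rpm --checksig --nogpg`, this confirms only that a download matches the published digest; it does not replace checking the GPG signature on the packages and on the advisory itself.

```python
import hashlib
import os
import shutil
import tempfile

HEX = set("0123456789abcdef")


def parse_md5_table(text):
    """Return {relative_path: md5hex} from advisory-style '<md5> <path>' lines.

    Header, ruler and other lines that are not a 32-hex-digit digest followed
    by exactly one path are skipped, so the raw section 7 text can be fed in.
    """
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        digest, path = parts[0].lower(), parts[1]
        if len(digest) != 32 or not set(digest) <= HEX:
            continue
        table[path] = digest
    return table


def md5_of_file(path, chunk=65536):
    """Hex MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(table, root):
    """Compare each listed package under `root` with its advertised digest.

    Returns {relative_path: 'ok' | 'mismatch' | 'missing'}; a missing file is
    reported rather than silently passed, so an incomplete mirror is visible.
    """
    results = {}
    for rel, expected in table.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of_file(full) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Constructed scenario: one intact, one tampered and one absent package."""
    root = tempfile.mkdtemp()
    try:
        pkgdir = os.path.join(root, "7.1", "en", "os", "i386")
        os.makedirs(pkgdir)
        good = os.path.join(pkgdir, "good-1.0.i386.rpm")
        with open(good, "wb") as f:
            f.write(b"constructed package contents")
        with open(os.path.join(pkgdir, "tampered-1.0.i386.rpm"), "wb") as f:
            f.write(b"modified in transit")
        # Constructed table in the advisory's layout; the digests for the
        # tampered and missing entries are placeholders that cannot match.
        table_text = "\n".join([
            "MD5 sum Package Name",
            "- " + "-" * 70,
            f"{md5_of_file(good)} 7.1/en/os/i386/good-1.0.i386.rpm",
            "00000000000000000000000000000000 7.1/en/os/i386/tampered-1.0.i386.rpm",
            "ffffffffffffffffffffffffffffffff 7.1/en/os/i386/missing-1.0.i386.rpm",
        ])
        return verify_downloads(parse_md5_table(table_text), root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:8} {rel}")
```

In practice the table text would be the section 7 lines copied from a signature-verified copy of the advisory, and `root` the directory holding the packages fetched from `updates.redhat.com`; any `mismatch` or `missing` entry should block the upgrade until the download is repeated and re-checked.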
8. References:
http://www.redhat.com/support/errata/RHSA-2001-052.html
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
Copyright(c) 2000, 2001 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOziXJCh9+71yA2DNAQGw+gP/RY+MsO7qwJTCsUfd1N+VRV2Qum08wSyU
NK5V3jW+znF6fnXHNlTRBWW4e2J+o41STGBSNpUiHp2I3hl2NNTKz6NMfpoXME7e
VroZQygmSq0hpa1mHtCK6aNrsZITfymZ4ctx1BFaPAcNfDVEq/GVPyY7aRgjobAq
Pt3qFermLzs=
=ERCE
-----END PGP SIGNATURE-----