Re: [security-announce] New Linux kernel privilege escalation - heads up notice

Frank Steiner
Hi,

Marcus Meissner wrote

> Hi,
>
> A bug in the Linux kernel's "pipe" system call implementation was found which
> can be used by local attackers to gain root privileges.
>
> CVE-2009-3547
> http://www.openwall.com/lists/oss-security/2009/11/03/1
>
>
> The several days delay in getting Kernel updates out is due to kernel
> QA taking around 4 days, as they include numbers of regressions, burn-in
> and partner tests and careful evaluation of the generated results.

not meaning to offend anyone, but as far as I can see the patch for
this has been added on October 26th to the SuSE sources (SLE 10 SP2):

* Mon Oct 26 2009 - [hidden email]
- patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
  dereference (bnc#550001, CVE-2009-3547).

So couldn't the kernels have been out a week ago?

cu,
Frank


--
Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Re: [security-announce] New Linux kernel privilege escalation - heads up notice

Marcus Meissner
On Fri, Nov 06, 2009 at 09:30:47AM +0100, Frank Steiner wrote:

> Hi,
>
> Marcus Meissner wrote
>
> > Hi,
> >
> > A bug in the Linux kernel's "pipe" system call implementation was found which
> > can be used by local attackers to gain root privileges.
> >
> > CVE-2009-3547
> > http://www.openwall.com/lists/oss-security/2009/11/03/1
> >
> >
> > The several days delay in getting Kernel updates out is due to kernel
> > QA taking around 4 days, as they include numbers of regressions, burn-in
> > and partner tests and careful evaluation of the generated results.
>
> not meaning to offend anyone, but as far as I can see the patch for
> this has been added on October 26th to the SuSE sources (SLE 10 SP2):
>
> * Mon Oct 26 2009 - [hidden email]
> - patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
>   dereference (bnc#550001, CVE-2009-3547).
>
> So couldn't the kernels have been out a week ago?

First, the issue was handled as responsible disclosure with the disclosure date
on this week (Nov 4 actually, but it turned out to be Nov 3).

Second, we do need QA time to actually test kernels.

Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
to restart the update. Otherwise we would probably be ready now.

Make sure you have:
Tue Nov  3 12:14:59 CET 2009 - [hidden email]
- patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment
  in pipe_write_open()
in the changelog if you are testing KOTD kernels.

Ciao, Marcus
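The changelog check described in the message above, as an added example that is not part of the original thread: it classifies a kernel RPM changelog by whether it carries only the first `fix-pipe-null-ptr.patch` entry or also the follow-up fix. The function name `pipe_fix_status` and the sample changelog (constructed from the two entries quoted in the thread) are assumptions.

```shell
#!/bin/sh
# Added example: classify an RPM changelog read on stdin.
#   fixed      - the follow-up "incorrect increment" entry is present
#   incomplete - only the first fix-pipe-null-ptr.patch entry is present
#   missing    - no entry mentions the patch at all
pipe_fix_status() {
    awk '
        function close_item() {
            if (item == "") return
            gsub(/[ \t]+/, " ", item)    # undo the line wrapping of entries
            if (index(item, "patches.fixes/fix-pipe-null-ptr.patch")) {
                seen = 1
                if (index(item, "fix incorrect increment in pipe_write_open()"))
                    followup = 1
            }
            item = ""
        }
        /^- /           { close_item(); item = $0; next }            # new entry
        /^[ \t]+[^ \t]/ { if (item != "") item = item " " $0; next } # wrapped line
                        { close_item() }                             # header or blank
        END {
            close_item()
            if (followup) print "fixed"
            else if (seen) print "incomplete"
            else print "missing"
        }
    '
}

# Constructed sample: the two changelog entries quoted in the thread,
# newest first, with the archive's "[hidden email]" placeholder kept.
sample_changelog() {
    cat <<'EOF'
* Tue Nov 03 2009 - [hidden email]
- patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment
  in pipe_write_open()
* Mon Oct 26 2009 - [hidden email]
- patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
  dereference (bnc#550001, CVE-2009-3547).
EOF
}

# On a real system, feed it the installed package's changelog instead:
#   rpm -q --changelog <kernel-package> | pipe_fix_status
sample_changelog | pipe_fix_status    # prints: fixed
```

A result of `incomplete` corresponds to a kernel built between the two entries, which carries the patch the thread describes as buggy.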


Re: Re: [security-announce] New Linux kernel privilege escalation - heads up notice

Frank Steiner
Marcus Meissner wrote

> First, the issue was handled as responsible disclosure with the disclosure date
> on this week (Nov 4 actually, but it turned out to be Nov 3).
>
> Second, we do need QA time to actually test kernels.
>
> Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
> to restart the update. Otherwise we would probably be ready now.

Ok, thanks for clarifying this!
 
> Make sure you have:
> Tue Nov  3 12:14:59 CET 2009 - [hidden email]
> - patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment
>   in pipe_write_open()
> in the changelog if you are testing KOTD kernels.

Yes, that's in the kotd from Nov 4th. Thanks for pointing this out!

cu,
Frank


--
Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *

Re: Re: [security-announce] New Linux kernel privilege escalation - heads up notice

jfweber
In reply to this post by Marcus Meissner
On Fri November 6 2009 3:40:53 am Marcus Meissner wrote:
> On Fri, Nov 06, 2009 at 09:30:47AM +0100, Frank Steiner wrote:
> > Hi,
> >
> > Marcus Meissner wrote
> >
<snip>
> > >

> >
> > not meaning to offend anyone, but as far as I can see the patch for
> > this has been added on October 26th to the SuSE sources (SLE 10 SP2):
> >
> > * Mon Oct 26 2009 - [hidden email]
> > - patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
> >   dereference (bnc#550001, CVE-2009-3547).
> >
> > So couldn't the kernels have been out a week ago?
>
> First, the issue was handled as responsible disclosure with the disclosure date
> on this week (Nov 4 actually, but it turned out to be Nov 3).
>
> Second, we do need QA time to actually test kernels.



Awwww, Marcus, we know these things flow fully formed from your pen.. I am not suggesting you don't need a few minutes to check that every token and pipe and all those things are all in their proper places..  ;-D
>
> Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
> to restart the update. Otherwise we would probably be ready now.
>
Now *THIS* could be a problem, except as usual you guys handled it very quickly.. and all is well.
I'll have to check and make certain all my computers have the right numbers.

> Tue Nov  3 12:14:59 CET 2009 - [hidden email]
> - patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment
>   in pipe_write_open()
> in the changelog if you are testing KOTD kernels.


Thanks again for all the work you guys do to make this as smooth a ride as possible for all of us.
Good Karma points all around for the team...
OR... a virtual beer ...
;-D

Re: Re: [security-announce] New Linux kernel privilege escalation - heads up notice

Harald Koenig
In reply to this post by Marcus Meissner
On Nov 06, Marcus Meissner wrote:

> Second, we do need QA time to actually test kernels.
>
> Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
> to restart the update. Otherwise we would probably be ready now.

any ETA for new kernel update RPMs with (11.1 and SLES11) ?


thanks,

Harald
--
"I hope to die                                      ___       _____
before I *have* to use Microsoft Word.",           0--,|    /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen.        <_/  /  /OOOOOOOOOOO\
                                                    \  \/OOOOOOOOOOOOOOO\
                                                      \ OOOOOOOOOOOOOOOOO|//
                                                       \/\/\/\/\/\/\/\/\/
Harald Koenig                                           //  /     \\  \
[hidden email]                     ^^^^^       ^^^^^

Re: Re: [security-announce] New Linux kernel privilege escalation - heads up notice

Marcus Meissner
On Thu, Nov 19, 2009 at 06:16:10PM +0100, Harald Koenig wrote:
> On Nov 06, Marcus Meissner wrote:
>
> > Second, we do need QA time to actually test kernels.
> >
> > Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had
> > to restart the update. Otherwise we would probably be ready now.
>
> any ETA for new kernel update RPMs with (11.1 and SLES11) ?

We are starting the update now, release perhaps next week.

Ciao, Marcus