The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[RHSA-2001:084-03] Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Fri, 22 Jun 2001 14:30 -0400
From: [email protected]
To: [email protected]
Subject: [RHSA-2001:084-03] Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes
Cc: [email protected], [email protected], [email protected],
 [email protected]

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Kernel: FTP iptables vulnerability in 2.4 kernel and gen=
eral bug fixes
Advisory ID:       RHSA-2001:084-03
Issue date:        2001-06-21
Updated on:        2001-06-21
Product:           Red Hat Linux
Ключевые слова: , , , , , , , , , iptables, FTP, ip_conntrack_ftp, kernel,  (найти похожие документы)
Cross references:=20=20 Obsoletes: RHSA-2001:052-02 --------------------------------------------------------------------- 1. Topic: A security hole has been found that does not affect the default configuration of Red Hat Linux, but it can affect some custom configurations of Red Hat Linux 7.1. The bug is specific to the Linux 2.4 kernel series. Aside from the fix, countless bugfixes have been applied to this kernel as a result of code-audits by the MC project of the Stanford University and others. 2. Relevant releases/architectures: Red Hat Linux 7.1 - i386, i586, i686 3. Problem description: A vulnerability in iptables "RELATED" connection tracking has been discovered. When using iptables to allow FTP "RELATED" connections through the firewall, carefully constructed PORT commands can open arbitrary holes in the firewall. Default installations of Red Hat Linux 7.1 are not vulnerable; however upgrading to this kernel is recommended regardless in order to benefit from the other bug fixes in this kernel. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The procedure for upgrading the kernel is documented at: http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html Please read the directions for your architecture carefully before proceeding with the kernel upgrade. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 26999 - drm:r128_do_wait_for_fifo 29140 - Garbage output reported in kernel startup scanning DMA zones 29573 - erroneous IRQ conflict message 29555 - [aic7xxx] Installer hangs loading the aic7xxx module 29730 - Installer hangs when mounting IDE CDROM 31769 - Kernel fails to load cs46xx module on an IBM Thinkpad T20 32723 - No Bass on Sound Blaster Live (emu10k1 chip) on 2.4.x kernel 36897 - missing entry in listing of an NFS directory served by IRIX 38429 - Ext2 file corruption with RH71 2.4.2-2 kernel and ServerWorks chips= et 38536 - ide=3Dreverse option not in install kernel 38588 - Installer hangs during package upgrades from 6.2 39445 - pcnet32: warning: PROM address does not match CSR addre 39468 - Integration of TUX broke higher number system calls 39845 - mtrr not working properly (kernel 2.4.2-2) 40123 - Rebuild of custom kernel fails with 'undefined reference' 40793 - PCMCIA services fail to recognize inserts and removals on Dell Lati= tude CPx with more than 256Mb RAM 41353 - Poweroff crashes just before it should power down 41856 - mtrr (write-combining) messages on Athlon 1300 43659 - Installer hangs when sym58c8xx driver loading for Tekram DC-390U3W 43940 - wvlan_cs update to 1.07 in 2.4.3-track 6. RPMs required: Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/kernel-2.4.3-12.src.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/devfsd-2.4.3-12.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-2.4.3-12.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-BOOT-2.4.3-12.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-doc-2.4.3-12.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-headers-2.4.3-12.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/kernel-source-2.4.3-12.i386.rpm i586: ftp://updates.redhat.com/7.1/en/os/i586/kernel-2.4.3-12.i586.rpm ftp://updates.redhat.com/7.1/en/os/i586/kernel-smp-2.4.3-12.i586.rpm i686: ftp://updates.redhat.com/7.1/en/os/i686/kernel-2.4.3-12.i686.rpm ftp://updates.redhat.com/7.1/en/os/i686/kernel-enterprise-2.4.3-12.i686.rpm ftp://updates.redhat.com/7.1/en/os/i686/kernel-smp-2.4.3-12.i686.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 4fc88b39d9a4c133383e26e169ea0028 7.1/en/os/SRPMS/kernel-2.4.3-12.src.rpm 56441741db1afc54585c09d5d70958d2 7.1/en/os/i386/devfsd-2.4.3-12.i386.rpm dc7d6ca72aa0a81cd9070ac41c00c084 7.1/en/os/i386/kernel-2.4.3-12.i386.rpm 33eaefca0670a7908d2dd27bae24937a 7.1/en/os/i386/kernel-BOOT-2.4.3-12.i386.r= pm d6494b754931b3f8cad2a9db985e9183 7.1/en/os/i386/kernel-doc-2.4.3-12.i386.rpm 6409be31e631616ad1382dd8abe49009 7.1/en/os/i386/kernel-headers-2.4.3-12.i38= 6.rpm 047d31db622884f59036b2de6c02f72a 7.1/en/os/i386/kernel-source-2.4.3-12.i386= .rpm f2c2424f9ab4e04ae10ca81ef971edca 7.1/en/os/i586/kernel-2.4.3-12.i586.rpm dc5b453ba1f85cbe7747c016fe957c5c 7.1/en/os/i586/kernel-smp-2.4.3-12.i586.rpm 6e4dfbf5e9381a7c37113f61d77276df 7.1/en/os/i686/kernel-2.4.3-12.i686.rpm 0ef5481dd241cdae1df75b7f4cd3a213 7.1/en/os/i686/kernel-enterprise-2.4.3-12.= i686.rpm 5588b32b37b96493ce4d37eaaa1e2f3f 7.1/en/os/i686/kernel-smp-2.4.3-12.i686.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.redhat.com/support/errata/RHSA-2001-052.html http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html Copyright(c) 2000, 2001 Red Hat, Inc.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру