Bugzilla – Bug 497551
VUL-0: CVE-2009-1072: kernel: missing capabilities in fs_mask
Last modified: 2018-10-10 08:28:08 UTC
Hi.

There is a security bug in 'kernel'.
This information is from 'oss-security'.
This bug is public.
There is no coordinated release date (CRD) set.

More information can be found here:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commitdiff;h=1c06d5237647db43cb2043a19cb393f4ed4d942f

Original posting:

----- Forwarded message from Eugene Teo <eugene@redhat.com> -----

Reply-To: oss-security@lists.openwall.com
Date: Thu, 23 Apr 2009 13:49:21 +0800
From: Eugene Teo <eugene@redhat.com>
User-Agent: Thunderbird 2.0.0.21 (X11/20090320)
To: oss-security@lists.openwall.com
Cc: "Steven M. Christey" <coley@linus.mitre.org>
Subject: Re: [oss-security] CVE request: kernel: missing capabilities in fs_mask

Eugene Teo wrote:
> "When POSIX capabilities were introduced during the 2.1 Linux cycle, the
> fs mask, which represents the capabilities which having fsuid==0 is
> supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE.
> However, before capabilities the privilege to call these did in fact
> depend upon fsuid==0.
>
> This patch introduces those capabilities into the fsmask, restoring the
> old behavior.
>
> See the thread starting at http://lkml.org/lkml/2009/3/11/157 for reference.
>
> Note that if this fix is deemed valid, then earlier kernel versions (2.4
> and 2.2) ought to be fixed too.
>
> Changelog:
> [Mar 23] Actually delete old CAP_FS_SET definition...
> [Mar 20] Updated against J. Bruce Fields's patch"
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=497047
> http://lwn.net/Articles/328572/?format=printable
> http://lwn.net/Articles/328594/?format=printable
> http://git.kernel.org/linus/0ad30b8fd5fe798aae80df6344b415d8309342cc

Here's the link to the kernel 2.4 patch:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commitdiff;h=1c06d5237647db43cb2043a19cb393f4ed4d942f

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team

----- End forwarded message -----
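The mask change described in the forwarded message, as an added userspace model (not kernel code and not part of the original report). It assumes the fs mask is cleared from the effective set when fsuid leaves 0, takes the five-capability pre-fix mask from the kernel headers of that era rather than from this page, models only the low 32-bit capability word, and uses hypothetical function names.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers from <linux/capability.h>. */
enum {
    CAP_CHOWN = 0, CAP_DAC_OVERRIDE = 1, CAP_DAC_READ_SEARCH = 2,
    CAP_FOWNER = 3, CAP_FSETID = 4, CAP_LINUX_IMMUTABLE = 9, CAP_MKNOD = 27
};
#define CAP_BIT(n) (UINT32_C(1) << (n))

/* fs mask before the fix: the five original filesystem capabilities. */
uint32_t fs_mask_old(void)
{
    return CAP_BIT(CAP_CHOWN) | CAP_BIT(CAP_DAC_OVERRIDE) |
           CAP_BIT(CAP_DAC_READ_SEARCH) | CAP_BIT(CAP_FOWNER) |
           CAP_BIT(CAP_FSETID);
}

/* fs mask after the fix: CAP_MKNOD and CAP_LINUX_IMMUTABLE added. */
uint32_t fs_mask_patched(void)
{
    return fs_mask_old() | CAP_BIT(CAP_LINUX_IMMUTABLE) | CAP_BIT(CAP_MKNOD);
}

/* Assumed model: when fsuid changes from 0 to non-zero, every capability
 * in the fs mask is removed from the effective set. */
uint32_t effective_after_fsuid_drop(uint32_t effective, uint32_t fs_mask)
{
    return effective & ~fs_mask;
}

/* Filesystem privileges that survive the drop under a given mask. */
uint32_t surviving_fs_privs(uint32_t fs_mask)
{
    uint32_t full = UINT32_MAX; /* constructed input: task holds every capability */
    return effective_after_fsuid_drop(full, fs_mask) & fs_mask_patched();
}

int main(void)
{
    printf("old mask     0x%08x, survivors 0x%08x\n",
           (unsigned)fs_mask_old(), (unsigned)surviving_fs_privs(fs_mask_old()));
    printf("patched mask 0x%08x, survivors 0x%08x\n",
           (unsigned)fs_mask_patched(), (unsigned)surviving_fs_privs(fs_mask_patched()));
    return 0;
}
```

Under the old mask the two surviving bits are CAP_LINUX_IMMUTABLE (bit 9) and CAP_MKNOD (bit 27); under the patched mask nothing filesystem-related survives the drop.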
This patch was included in 2.6.27.22 and will be a part of the next update.
Applied 0ad30b8fd5fe798aae80df6344b415d8309342cc to SL110_BRANCH. Applied the v2.4 version to SLES9_SP4_BRANCH, SLES10_SP2_BRANCH, SLES10_SP3_BRANCH, and SL103_BRANCH.
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP2 (ppc)
SLE-SDK 10-SP2 (ppc)
SLE-SERVER 10-SP2 (ppc)
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo
Products:
SLE-DEBUGINFO 10-SP2 (i386)
SLE-DESKTOP 10-SP2 (i386)
SLE-SDK 10-SP2 (i386)
SLE-SERVER 10-SP2 (i386)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms
Products:
SLE-DEBUGINFO 10-SP2 (ia64)
SLE-SDK 10-SP2 (ia64)
SLE-SERVER 10-SP2 (ia64)
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms
Products:
SLE-DEBUGINFO 10-SP2 (s390x)
SLE-SERVER 10-SP2 (s390x)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Products:
SLE-DEBUGINFO 10-SP2 (x86_64)
SLE-DESKTOP 10-SP2 (x86_64)
SLE-SDK 10-SP2 (x86_64)
SLE-SERVER 10-SP2 (x86_64)
This bug was fixed/mentioned in the kernel that was released on May 22 for SLES/SLED 10 SP2; the released kernel version is 2.6.16.60-0.39.3.
Update released for: kernel-bigsmp, kernel-debug, kernel-default, kernel-kdump, kernel-ppc64, kernel-rt, kernel-rt_debug, kernel-source, kernel-syms, kernel-xen, kernel-xenpae
Products:
openSUSE 10.3 (i386, ppc, x86_64)
Update released for: acerhk-kmp-debug, acx-kmp-debug, appleir-kmp-debug, at76_usb-kmp-debug, atl2-kmp-debug, aufs-kmp-debug, dazuko-kmp-debug, drbd-kmp-debug, gspcav-kmp-debug, iscsitarget-kmp-debug, ivtv-kmp-debug, kernel-debug, kernel-default, kernel-docs, kernel-kdump, kernel-pae, kernel-ppc64, kernel-ps3, kernel-source, kernel-syms, kernel-vanilla, kernel-xen, kqemu-kmp-debug, nouveau-kmp-debug, omnibook-kmp-debug, pcc-acpi-kmp-debug, pcfclock-kmp-debug, tpctl-kmp-debug, uvcvideo-kmp-debug, virtualbox-ose-kmp-debug, vmware-kmp-debug, wlan-ng-kmp-debug
Products:
openSUSE 11.0 (debug, i386, ppc, x86_64)
Done for all branches (or currently in QA).
This bug was mentioned / fixed in the currently released SLES 9 maintenance kernel update with version 2.6.5-7.317.
Update released for: kernel-bigsmp, kernel-bigsmp-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-um, kernel-um-debug, kernel-xen, kernel-xen-debug, kernel-xenpae, kernel-xenpae-debug, um-host-install-initrd, um-host-kernel
Products:
Novell-Linux-Desktop 9 (i386)
Open-Enterprise-Server 9 (i386)
Update released for: kernel-64k-pagesize, kernel-64k-pagesize-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-sn2, kernel-sn2-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh
Products:
SUSE-CORE 9 (ia64)
Update released for: kernel-default, kernel-default-debug, kernel-iseries64, kernel-iseries64-debug, kernel-pmac64, kernel-pmac64-debug, kernel-pseries64, kernel-pseries64-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh
Products:
SUSE-CORE 9 (ppc)
Update released for: kernel-s390x, kernel-s390x-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh
Products:
SUSE-CORE 9 (s390x)
A SLERT 10 SP2 kernel update was just released with this bug referenced, version 2.6.22.19-0.22.
This is also CVE-2009-1072.
Update released for: ib-bonding-kmp-rt, ib-bonding-kmp-rt_bigsmp, ib-bonding-kmp-rt_debug, ib-bonding-kmp-rt_timing, kernel-rt, kernel-rt_bigsmp, kernel-rt_debug, kernel-rt_timing, kernel-source, kernel-syms, ofed, ofed-cxgb3-NIC-kmp-rt, ofed-cxgb3-NIC-kmp-rt_bigsmp, ofed-cxgb3-NIC-kmp-rt_debug, ofed-cxgb3-NIC-kmp-rt_timing, ofed-doc, ofed-kmp-rt, ofed-kmp-rt_bigsmp, ofed-kmp-rt_debug, ofed-kmp-rt_timing
Products:
SLE-RT 10-SP2 (i386, x86_64)
CVE-2009-1072: CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:C/A:N)