openSUSE Security October 2010

security@lists.opensuse.org

17 participants
7 discussions

[opensuse-security] otrs and permissions file
by Christian 24 Apr '12

24 Apr '12

Hi, for otrs I need this config: (https://build.opensuse.org/package/show?package=otrs&project=network%3Aotrs…) %defattr(0644,%{name},www,0775) %dir /opt/%{name}/var/article %dir /opt/%{name}/var/log %dir /opt/%{name}/var/tmp but obs is complaining: permissions-directory-setuid-bit and I should contact security(a)suse.de Here I am :) Is this acceptable ? Kind Regards Chris -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 6

[opensuse-security] Recent RDS Exploit
by James Wright 08 Nov '10

08 Nov '10

Hello, After reading about the RDS vulnerability identified by VSR Security <http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-sup…>, I tested this out for myself by compiling the proof of concept. Here is the output of the test: jfwright@linux-x0ou:~/Downloads> id uid=1000(jfwright) gid=100(users) groups=16(dialout),20(cdrom),33(video),100(users),1000(vboxusers) jfwright@linux-x0ou:~/Downloads> ./linux-rds-exploit [*] Linux kernel >= 2.6.30 RDS socket exploit [*] by Dan Rosenberg [*] Resolving kernel addresses... [+] Resolved rds_proto_ops to 0xffffffffa0f5ee80 [+] Resolved rds_ioctl to 0xffffffffa0f57000 [+] Resolved commit_creds to 0xffffffff810785f0 [+] Resolved prepare_kernel_cred to 0xffffffff81078790 [*] Overwriting function pointer... [*] Triggering payload... [*] Restoring function pointer... [*] Got root! linux-x0ou:~/Downloads> id uid=0(root) gid=0(root) As you can see it works. I then updated the kernel to: Repository: @System Name: kernel-desktop Version: 2.6.34.7-0.4.1 Arch: x86_64 Vendor: openSUSE Installed: Yes Status: up-to-date I have at least a few and possibly many machines that will require a security fix. Is there a planned release date for a security patch, and is there a known work around to prevent this from being exploited? Thanks, James -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

4 6

[opensuse-security] Kernel freezing KDE4 (was: Re: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2010:051))
by David Hücking 02 Nov '10

02 Nov '10

Am Freitag, den 15.10.2010, 16:28 +0200 schrieb Marcus Meissner: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ______________________________________________________________________________ > > SUSE Security Announcement > > Package: kernel > Announcement ID: SUSE-SA:2010:051 > Date: Fri, 15 Oct 2010 14:00:00 +0000 > Affected Products: openSUSE 11.3 > Vulnerability Type: local privilege escalation > CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) > SUSE Default Package: yes > Cross-References: CVE-2010-2962, CVE-2010-3310 > > Content of This Advisory: > 1) Security Vulnerability Resolved: > Linux kernel security update > Problem Description > 2) Solution or Work-Around > 3) Special Instructions and Notes > 4) Package Location and Checksums > 5) Pending Vulnerabilities, Solutions, and Work-Arounds: > See SUSE Security Summary Report. > 6) Authenticity Verification and Additional Information > > ______________________________________________________________________________ > > 1) Problem Description and Brief Discussion > > This updated openSUSE 11.3 kernel fixes the following security bugs: > > CVE-2010-3310: local users could corrupt kernel heap memory via > ROSE sockets. > > CVE-2010-2962: local users could write to any kernel memory location > via the i915 GEM ioctl interface. Exploitability requires the presence > of a i915 compatible graphics card. > > Additionally the update restores the compat_alloc_userspace() > inline function and includes several other bug fixes. Hi! I did set up a PC with i915 graphic chipset 00:02.0 VGA compatible controller: Intel Corporation 82915G/GV/910GL Integrated Graphics Controller (rev 04) 00:02.1 Display controller: Intel Corporation 82915G Integrated Graphics Controller (rev 04) an openSUSE 11.3 x86/ 32Bit running the kernel 2.6.34-7-desktop. I did apply all updates including this Kernel-Update 2.6.34-12-desktop. Now when I try to log on KDE4 the KDE splash screen appears and the system freezes (no reaction on keyboard, mouse or ACPI "on/ off" button). Ĺoging on to IceWM e.g. still works. Rolling back to the 2.6.34-7-desktop does help. Any tips what to do? Try other kernel "flavor"? Is it a bug?! Regards, David. -- Eat, sleep and go running, ;-) David Hücking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216 -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

3 5

[opensuse-security] Re: [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2010:050)
by Frank Steiner 28 Oct '10

28 Oct '10

Hi, we are quite confused about the current kernel updates from Novell. 1) Two weeks ago we got this announcement for SLES 11 SP1: Marcus Meissner wrote > ______________________________________________________________________________ > > SUSE Security Announcement > > Package: kernel > Announcement ID: SUSE-SA:2010:050 > Date: Wed, 13 Oct 2010 17:00:00 +0000 > Affected Products: SLE 11 SERVER Unsupported Extras > SUSE Linux Enterprise High Availability Extension 11 SP1 > SUSE Linux Enterprise Desktop 11 SP1 > SUSE Linux Enterprise Server 11 SP1 > Vulnerability Type: local privilege escalation > CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) > SUSE Default Package: yes > Cross-References: CVE-2010-2954, CVE-2010-2960, CVE-2010-2962 > CVE-2010-3078, CVE-2010-3079, CVE-2010-3080 > CVE-2010-3081, CVE-2010-3296, CVE-2010-3297 > CVE-2010-3298, CVE-2010-3310 The new kernel packages offered with this announcmente had the version/release kernel-default-2.6.32.23-0.3.1. 2) Yesterday there was an announcment from the Novell customer center for SLES 11 SP1: 26 Oct 2010 Novell Customer Center ... 11. Security update for the Linux kernel SUSE Linux Enterprise Server 11 for x86-64 http://download.novell.com/Download?buildid=XqWyWoma4DM~ The link leads to a page with: "the Linux kernel (x86_64) 20100617 ... kernel-default-2.6.32.13-0.4.1.x86_64.rpm" Thus, way older than what you announced on Oct. 13th. 3) And tonight our yup mirroring of the Novell server downloaded kernel packages with version/release: kernel-default-2.6.32.19-0.2.1 which was the current kernel before the release from Oct. 13th. I guess the .23 version is still supposed to be the latest one, but what's about the new announcmente from yesterday and all these old packages? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 1

[opensuse-security] dependency issue with openSUSE 11.2 update and Mozilla repo?
by Malte Gell 28 Oct '10

28 Oct '10

Hello, I use Firefox from the Mozilla repo. And there is a security update for openSUSE 11.2: libfreebl3. The updater applet says it collides with mozilla-nspr, "please install manually with YaST". But, when I start YaST manually, YaST says all dependencies are okay... So I guess the libfreebl3 update from the update repo collides with mozilla- nspr from the Mozilla repo? Regards Malte -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 1

[opensuse-security] Can't do ssh as user
by Carlos E. R. 20 Oct '10

20 Oct '10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, I can't do ssh as user from inside gnome, it works from VT. To the root account works, too. cer@Telcontar:~> ssh localhost Received disconnect from ::1: 2: Too many authentication failures for cer Fails locally or to my laptop. And as said, works from the console. My guess is that gnome key-agent is caching a non-existing publick key, and offering it to the server, till this one refuses. Oct 20 22:22:54 Telcontar sshd[18584]: Connection from ::1 port 56303 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Client protocol version 2.0; client software version OpenSSH_5.2 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: match: OpenSSH_5.2 pat OpenSSH* Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Enabling compatibility mode for protocol 2.0 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: Local version string SSH-2.0-OpenSSH_5.2 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: initializing for "cer" Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_RHOST to "localhost" Oct 20 22:22:54 Telcontar sshd[18584]: debug1: PAM: setting PAM_TTY to "ssh" Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys2 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys Oct 20 22:22:54 Telcontar sshd[18584]: debug1: fd 4 clearing O_NONBLOCK Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Oct 20 22:22:54 Telcontar sshd[18584]: debug1: trying public key file /home/cer/.ssh/authorized_keys2 Oct 20 22:22:54 Telcontar sshd[18584]: debug1: restore_uid: 0/0 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Oct 20 22:22:54 Telcontar sshd[18584]: Failed publickey for cer from ::1 port 56303 ssh2 Thats six attempts -> failure. Ah, file "/home/cer/.ssh/authorized_keys2" does not exist. Is it possible to force password authentication for a session? Or to disable the agent for a session? [...] I found this: cer@Telcontar:~> set | grep ssh CVS_RSH=ssh SSH_AUTH_SOCK=/tmp/keyring-CZzKCQ/socket.ssh cer@Telcontar:~> Then: cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -a localhost Password: Last login: Wed Oct 20 22:18:23 2010 from localhost Have a lot of fun... So, that works... Is this a bug? - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAky/Vb4ACgkQtTMYHG2NR9XN2ACgi5KXbYbD+6yg5e65MsDjyis5 SAEAnihnoqFpZ17LdEYz3kmciTU7t57s =TCKR -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] re-attaching luks encrypted partition without need of re-entering passphrase
by Susan Dittmar 14 Oct '10

14 Oct '10

Hi folks, I need an idea how to solve a problem concerning automated opening and closing of encrypted partitions. Maybe one of you can help me. On an openSUSE 11.3 laptop, I set up all hard disk partitions (in the easiest case just root and swap) as encrypted partitions using luks as described in http://en.opensuse.org/SBD:Encrypted_root_file_system This works quite well. As boot partition I use a memstick, and this works aswell. Then I thought I'd like to use suspend to disk mechanism. First question: How well encrypted is the written-out RAM in such a setting? In case it is as well encrypted as the rest of the harddisk, all is fine and there's no need to solve the rest of the problem. In case the encryption of the written-out RAM is weaker, let me continue. As long as I use the harddisk's swap as resume partition, this works well. Now my boss had the idea to use a swap partition on the memstick as suspend/resume partition instead. I got that up without fuss for the case that the memstick is inserted at boot time and not removed. As the swap on memstick is quite slow, I only add it to the system's swap for suspend to disk. Took me writing a little script for the suspend-to-disk acpi event, but that's up and running too. But my boss wants to insert the memstick at boot time, then remove it as soon as booting is done. Then he wants to insert it again for supend to disk. In principle that's fine with me. The problem with this is that - I have to remove the resume partition (the swap on the memstick) from the device mapper after boot. Not solved yet, but I think this should be easily solved with an appropriate 'start' script. - I need to re-attach this partition, the memstick's swap partition, before suspend to disk is executed. And for this, I need that partition's passphrase! Unfortunately the suspend-to-disk acpi event script does not run interactively, so it cannot directly prompt for passphrase. I personally could live with only calling suspend-to-disk from command line, which would offer the possibility to prompt for the passphrase. I am setting this up for my collegues though, who are already used to using the laptop's function key. So I need a way to re-attach the resume partition on the memstick *without* any user-interaction for the passphrase. The only solution I could find up to now (though not tested yet) would be to hard-code this passphrase in the script, but I would like to avoid that. So here's my question: As luks already prompted for the passphrase during boot, is there a way to access this passphrase during this re-mount of the memstick's swap partition? Any way of keeping this partition's information although the memstick is removed (and re-attached) in the time between boot and suspend-to-disk? Thanks for any ideas, Susan -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

9 30

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security October 2010