Advisories:rPSA-2009-0121
From rPath Wiki
rPath Security Advisory 2009-0121-1
Published: 2009-08-18
Products
- rPath Appliance Platform Linux Service 1
- rPath Appliance Platform Linux Service 2
- rPath Linux 2
Rating
- Minor
Exposure Level Classification
- Local Root Deterministic Unauthorized Access
Updated Versions
- kernel=conary.rpath.com@rpl:2/2.6.29.6-0.6-1
- kernel=rap-emc.rpath.com@rpath:emc-production-2/2.6.29.6-2-1
- kernel=rap-emc.rpath.com@rpath:emc-production-2/2.6.29.6-2-1
- kernel=rap.rpath.com@rpath:linux-1/2.6.29.6-7-1
- open-vm-tools=conary.rpath.com@rpl:2/2009.07.22_179896-0.2-1
- open-vm-tools=rap.rpath.com@rpath:linux-1/2009.07.22_179896-2-1
rPath Issue Tracking System
References
Description
- Previous versions of the kernel have a weakness which in a non-default
- configuration (if vm.mmap_min_addr is 0) allows normal users processes
- to execute arbitrary code as the root user. rPath Linux is configured
- by default with vm.mmap_min_addr=65536 and so is not vulnerable
- by default. Furthermore, rPath Linux does not include two other
- mechanisms by which this vulnerability has been exploited (pulseaudio
- and SELinux policy permitting access to address 0).
- In addition, the open-vm-tools package (including kernel modules)
- has been updated to the most recent upstream release for continued
- compatibility with new VMware hosts. In addition, this enables user
- programs to use the libraries included in open-vm-tools. However,
- the library interfaces included in open-vm-tools are not being
- maintained by rPath as a stable library interface; future updates of
- the open-vm-tools package will follow whatever changes have been made
- in the upstream open-vm-tools package to the open-vm-tools libraries,
- even if those changes are incompatible with the current versions.
Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html