|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
FWD: Redhat advisory
Subject: FWD: Redhat advisory
From: Alfred Huger (ah
SECURITYFOCUS.COM)
Date: Tue Jan 04 2000 - 14:43:39 CST
- Next message: Kit Knox: "[rootshell] Security Bulletin #27"
- Previous message: David TILLOY: "Re: PHP3 safe_mode and popen()"
- Next in thread: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
- Reply: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Red Hat, Inc. Security Advisory
Synopsis: New version of usermode fixes security bug
Advisory ID: RHSA-2000:001-01
Issue date: 2000-01-04
Updated on: 2000-01-04
Keywords: root userhelper pam
Cross references:
1. Topic:
A security bug has been discovered and fixed in the userhelper program.
2. Relevant releases/architectures:
Red Hat Linux 6.0 and 6.1, all architectures.
3. Problem description:
A security bug was found in userhelper; the bug can be exploited to
provide local
users with root access.
The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been
modified to
help prevent similar attacks on other software in the future.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Uvh
where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info):
6. Obsoleted by:
7. Conflicts with:
8. RPMs required:
Intel:
ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm
ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm
Alpha:
ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm
ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm
Sparc:
ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm
ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm
ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm
9. Verification:
MD5 sum Package Name
bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm
2d69859d2b1d2180d254fc263bdccf94 i386/usermode-1.17-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm
83c69cb92b16bb0eef295acb4c857657 alpha/usermode-1.17-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm
d89495957c9a438fda657b8a4a5f5578 sparc/usermode-1.17-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm
1d3b367d257a57de7d834043a4fcd87a SRPMS/usermode-1.17-1.src.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is
available
at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered
with, examine only the md5sum with the following command:
rpm --checksig --nogpg
10. References:
Thanks to dildogl0pht.com for finding this bug.
- Next message: Kit Knox: "[rootshell] Security Bulletin #27"
- Previous message: David TILLOY: "Re: PHP3 safe_mode and popen()"
- Next in thread: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
- Reply: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Tue Jan 04 2000 - 21:28:30 CST