>Date: Tue, 31 Aug 1999 02:23:50 +0000 (UTC)
>From: Henry White <[EMAIL PROTECTED]>
>To: BLT <[EMAIL PROTECTED]>
>Subject: [blt] [SECURITY] New versions of cron fixes possible root exploit (fwd)
>
>
>---------- Forwarded message ----------
>Date: Mon, 30 Aug 1999 16:46:51 +0200
>From: Martin Schulze <[EMAIL PROTECTED]>
>To: Debian Security Announcements <[EMAIL PROTECTED]>
>Subject: [SECURITY] New versions of cron fixes possible root exploit
>Resent-Date: 30 Aug 1999 15:08:26 -0000
>
>----------------------------------------------------------------------------
>Debian Security Advisory                                  [EMAIL PROTECTED]
>http://www.debian.org/security/                             Martin Schulze
>August 30, 1999
>----------------------------------------------------------------------------
>
>
>Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
>covering a reverse denial of service bug in the vixie cron package.
>As user you could restart sendmail even if the host should not receive
>mail through the SMTP port.
>
>Further investigation of Caldera and Debian discovered that it was
>even worse.  Red Hat did find a root exploit but didn't notice.  When
>sending a mail to the user Vixie Cron ran as root, not checking the
>mail address that was passed to sendmail on the commandline.
>
>
>We recommend you upgrade your cron package immediately.
>
>
>wget url
>        will fetch the file for you
>dpkg -i file.deb
>        will install the referenced file.
>
>
>Debian GNU/Linux 2.1 alias slink
>--------------------------------
>
>  This version of Debian was released only for the Intel, the
>  Motorola 68xxx, the alpha and the Sun sparc architecture.
>
>  Source archives:
>
>    http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.diff.gz
>      MD5 checksum: 96a4b55e06127c4a6cf31ee511227adb
>    http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.dsc
>      MD5 checksum: 3998735f00d3f10a5e290227db6bf611
>    http://security.debian.org/dists/stable/updates/source/cron_3.0pl1.orig.tar.gz
>      MD5 checksum: 4c64aece846f8483daf440f8e3dd210f
>
>  Alpha architecture:
>
>    http://security.debian.org/dists/stable/updates/binary-alpha/cron_3.0pl1-50.2_alpha.deb
>      MD5 checksum: cbab162fffd7dba71373b3eb62201b52
>
>  Intel ia32 architecture:
>
>    http://security.debian.org/dists/stable/updates/binary-i386/cron_3.0pl1-50.2_i386.deb
>      MD5 checksum: 85d9ffff103d0121101b7b80817d0abe
>
>  Motorola 680x0 architecture:
>
>    http://security.debian.org/dists/stable/updates/binary-m68k/cron_3.0pl1-50.2_m68k.deb
>      MD5 checksum: 62a039991c237a92c4a3cdcef4a328d7
>
>  Sun Sparc architecture:
>
>    http://security.debian.org/dists/stable/updates/binary-sparc/cron_3.0pl1-50.2_sparc.deb
>      MD5 checksum: 56f5e099ab621572b560706e1eec9ebb
>
>
>Debian GNU/Linux pre2.2 alias potato
>------------------------------------
>
>  Source archives:
>
>    http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.diff.gz
>      MD5 checksum: f500a0dc7175d64de4822f159a51d739
>    http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.dsc
>      MD5 checksum: 1a16af335a106805ecdd6585a75ee61a
>    http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1.orig.tar.gz
>      MD5 checksum: 4c64aece846f8483daf440f8e3dd210f
>
>  Alpha architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-alpha/cron_3.0pl1-52_alpha.deb
>      MD5 checksum: 8e5246a79269b8f489a3cdb7efc41661
>
>  ARM architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-arm/cron_3.0pl1-52_arm.deb
>      MD5 checksum: 8d103d4a60ec94d1f0fb07caabd34575
>
>  Intel ia32 architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-i386/cron_3.0pl1-52_i386.deb
>      MD5 checksum: a7f8de4f43aa21e2fe94fe602c6c2c83
>
>  Motorola 680x0 architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-m68k/cron_3.0pl1-52_m68k.deb
>      MD5 checksum: b2e866ecc10e95094202327eab5fc0fd
>
>  PowerPC architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-powerpc/cron_3.0pl1-52_powerpc.deb
>      MD5 checksum: 058a25564bc7c9c6fb153eafa0126cee
>
>  Sun Sparc architecture:
>
>    http://security.debian.org/dists/unstable/updates/binary-sparc/cron_3.0pl1-52_sparc.deb
>      MD5 checksum: ed34f37c41d9322ba094ede04d8d2e16
>
>
>For not yet released architectures please refer to the appropriate
>directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
>
>----------------------------------------------------------------------------
>For apt-get: deb http://security.debian.org/ stable updates
>For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
>Mailing list: [EMAIL PROTECTED]
>

OUR ADDRESS IS :
M/s. ISPAT SALES (INDIA) PVT. LTD.
149/151, CENTRAL FACILITY Bldg.,
ABOVE PUNJAB NATIONAL BANK,
PHASE - II, A.P.M.C. Mkt.,
SECTOR -19, VASHI,
NEW BOMBAY - 400 705
MAHARASHTRA, INDIA
TEL : 765 8861/-2/-3 / 766 2439/-40
FAX : 0091-022-7653400
E-M : <mailto:[EMAIL PROTECTED]>
KIND ATTN : Mr. NIKHIL R. GHAI (DIRECTOR - OVERSEAS)
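
The flaw the advisory describes, a mail address handed unchecked to sendmail on the command line, is closed by validating the recipient before it becomes an argv element. The C code below is an added example, not the Debian patch or Vixie cron's own code; `mailto_is_safe`, `build_mailer_argv`, the allowed character set, the `/usr/sbin/sendmail` path and the `--` separator (which assumes getopt-style option parsing in the mailer) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_RCPT_LEN 254   /* assumed upper bound for this example */

/* Return 1 if addr may be passed to a mailer as a single argv element. */
int mailto_is_safe(const char *addr)
{
    static const char extra[] = "@._+-";  /* punctuation allowed besides alnum */
    size_t len, i;

    if (addr == NULL)
        return 0;
    len = strlen(addr);
    if (len == 0 || len > MAX_RCPT_LEN)
        return 0;
    if (addr[0] == '-')       /* the mailer would parse it as an option */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c > 127 || (!isalnum(c) && strchr(extra, c) == NULL))
            return 0;         /* whitespace, quotes, shell metacharacters, ... */
    }
    return 1;
}

/* Fill argv for execv() (no shell involved); -1 means the address was rejected. */
int build_mailer_argv(const char *mailer, const char *addr, const char *argv[4])
{
    if (!mailto_is_safe(addr))
        return -1;
    argv[0] = mailer;
    argv[1] = "--";           /* assumption: getopt-style end-of-options marker */
    argv[2] = addr;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample recipients, not taken from the advisory. */
    const char *samples[] = { "root", "admin@example.org", "-flag", "a b", "u;id" };
    const char *argv[4];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               build_mailer_argv("/usr/sbin/sendmail", samples[i], argv) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```

Validation covers only the unchecked address; the advisory also notes that cron ran as root while sending the mail, so a daemon would additionally drop to the job owner's uid before calling execv().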
