Re: Slrnpull Buffer Overflow (-d parameter)
Alex Hernandez ([EMAIL PROTECTED]) said: > Linux RH.6.2 Sparc64 and below versions. On Red Hat Linux 6.2 for sparc: # ls -l /usr/bin/slrnpull -rwxr-s---1 news news48688 Feb 7 2000 /usr/bin/slrnpull # rpm -q slrn-pull slrn-pull-0.9.6.2-4 With all updates applied: # ls -l /usr/bin/slrnpull -rwxr-s---1 root news55456 Mar 1 2001 /usr/bin/slrnpull # rpm -q slrn-pull slrn-pull-0.9.6.4-0.6 Hence, while you may be able to get group news, the program is only runnable by group news. So, I don't think there are any security implications here. Bill
[RHSA-2000:002] New lpr packages available
- Red Hat, Inc. Security Advisory Synopsis: New lpr packages available Advisory ID:RHSA-2000:002-01 Issue date: 2000-01-07 Updated on: 2000-01-07 Keywords: lpr lpd DNS sendmail Cross references: - 1. Topic: New lpr packages are available to fix two security problems in lpd. 2. Relevant releases/architectures: Red Hat Linux 4.x, all architectures Red Hat Linux 5.x, all architectures Red Hat Linux 6.x, all architectures 3. Problem description: Two security vulnerabilities exist in the lpd (line printer daemon) shipped with the lpr package. First, authentication was not thorough enough. If a remote user was able to control their own DNS so that their IP address resolved to the hostname of the print server, access would be granted, when it should not be. Secondly, it was possible in the control file of a print job to specify arguments to sendmail. By careful manipulation of control and data files, this could cause sendmail to be executed with a user-specified configuration file. This could lead very easily to a root compromise. It is recommended that all users of Red Hat Linux using the lpr package (which is required to print) upgrade to the fixed packages. Thanks go to DilDog ([EMAIL PROTECTED]) for noting the vulnerability. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/ for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Red Hat Linux 6.x: Intel: ftp://updates.redhat.com/6.1/i386/lpr-0.48-1.i386.rpm Alpha: ftp://updates.redhat.com/6.1/alpha/lpr-0.48-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.1/sparc/lpr-0.48-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/lpr-0.48-1.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/lpr-0.48-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/lpr-0.48-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/lpr-0.48-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/lpr-0.48-0.5.2.src.rpm Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/lpr-0.48-0.4.2.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/lpr-0.48-0.4.2.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/lpr-0.48-0.4.2.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/lpr-0.48-0.4.2.src.rpm 9. Verification: MD5 sum Package Name -- 78f2220331189e723eab944b53d0710e i386/lpr-0.48-1.i386.rpm 3fcb89eb1a76741a505d3eeeddfa3674 alpha/lpr-0.48-1.alpha.rpm 441cfee04428ca215d98d9ce3d20bc4d sparc/lpr-0.48-1.sparc.rpm 55c6a740b03569919ec08992257cad96 SRPMS/lpr-0.48-1.src.rpm 25ba4d2b49ff42403062d44f52f59947 i386/lpr-0.48-0.5.2.i386.rpm aa13284c581601705fef727565ed407e alpha/lpr-0.48-0.5.2.alpha.rpm 8d158ba104fadbfc84b5122f9564b2ed sparc/lpr-0.48-0.5.2.sparc.rpm 3d7a10a086f5bd5aea739ec41d761881 SRPMS/lpr-0.48-0.5.2.src.rpm a21594df002e91e336abd310e3f1 i386/lpr-0.48-0.4.2.i386.rpm a96363769e3815a5a5bb40084d8fac61 alpha/lpr-0.48-0.4.2.alpha.rpm f56271b462851990238a24a5357c454f sparc/lpr-0.48-0.4.2.sparc.rpm 48453e0c888e3d124a6b50fbb9a89be9 SRPMS/lpr-0.48-0.4.2.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 10. References:
[RHSA-1999:055-01] Denial of service attack in syslogd
- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID:RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 - 1. Topic: A denial of service attack exists in the system log daemon, syslogd. 2. Relevant releases/architectures: Red Hat Linux 4.x, all architectures Red Hat Linux 5.x, all architectures Red Hat Linux 6.0, all architectures Red Hat Linux 6.1 is not vulnerable to this security issue. However, users of Red Hat Linux 6.1/Intel may wish to upgrade to the latest package to fix a problem in the syslog daemon where log connections would be reset after the syslog daemon is restarted. 3. Problem description: The syslog daemon by default used unix domain stream sockets for receiving local log connections. By opening a large number of connections to the log daemon, the user could make the system unresponsive. Thanks go to Olaf Kirch ([EMAIL PROTECTED]) for noting the vulnerability and providing patches. 4. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. libc updates are needed for Red Hat Linux 4.2 for the Intel and Sparc architectures so that logging will work correctly with the upgraded sysklogd packages. Note: Upgrading to these sysklogd packages may impair the logging abilities of some software that does not use the standard C library syslog(3) interface to the system logs. Such software may have to be changed to use datagram connections instead of stream connections to the log socket. 5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.5.i386.rpm ftp://updates.redhat.com/4.2/i386/libc-5.3.12-18.5.i386.rpm ftp://updates.redhat.com/4.2/i386/libc-debug-5.3.12-18.5.i386.rpm ftp://updates.redhat.com/4.2/i386/libc-devel-5.3.12-18.5.i386.rpm ftp://updates.redhat.com/4.2/i386/libc-profile-5.3.12-18.5.i386.rpm ftp://updates.redhat.com/4.2/i386/libc-static-5.3.12-18.5.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm ftp://updates.redhat.com/4.2/sparc/libc-5.3.12-18.5.sparc.rpm ftp://updates.redhat.com/4.2/sparc/libc-debug-5.3.12-18.5.sparc.rpm ftp://updates.redhat.com/4.2/sparc/libc-devel-5.3.12-18.5.sparc.rpm ftp://updates.redhat.com/4.2/sparc/libc-profile-5.3.12-18.5.sparc.rpm ftp://updates.redhat.com/4.2/sparc/libc-static-5.3.12-18.5.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm ftp://updates.redhat.com/4.2/SRPMS/libc-5.3.12-18.5.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-1.5.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-1.5.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-1.5.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-1.5.src.rpm Red Hat Linux 6.0: Intel: ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/sysklogd-1.3.31-14.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/sysklogd-1.3.31-14.sparc.rpm Source packages: ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm Red Hat Linux 6.1: Intel: ftp://updates.redhat.com/6.1/i386/sysklogd-1.3.31-14.i386.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/sysklogd-1.3.31-14.src.rpm 9. Verification: MD5 sum Package Name -- 378d0be4ef864e9106fe46349cb366b9 i386/sysklogd-1.3.31-0.5.i386.rpm 801c745d3e920d29fdea2f5be07d25b3 i386/libc-5.3.12-18.5.i386.rpm 1d5ba779311e222a824895e0a6b34516 i386/libc-debug-5.3.12-18.5.i386.rpm bacf136ee00f323fcf0a8db95b5ab231 i386/libc-devel-5.3.12-18.5.i386.rpm a25eb15726a1c216b3bdf9ab1b2d670c i386/libc-profile-5.3.12-18.5.i386.rpm 62bc3f2df09cdc0abd4138b51894b6a7 i386/libc-static-5.3.12-18.5.i386.rpm bafdc46464b2ae72739630c14e2eeb5a alpha/sysklogd-1.3.31-0.5.alpha.rpm f34994e1cd262f01dc5c11681a31855e sparc/sysklogd-1.3.31-0.5.sparc.rpm 7130a7c76581cde28790638e6696d522 sparc/libc-5.3.12-18.5.sparc.rpm f81bae231d268bd1a1a703f13fb4c140 sparc/libc-debug-5.3.12-18.5.sparc.rpm 0938e6fb074dd0769542037194ccb031 sparc/libc-devel-5.3.12-18.5.sparc.rpm bceef7f99adc7b198f743eacd770db5b sparc/libc-profile-5.3.12-18.5.sparc.rpm ef2d6ecb52d6ef30fac839e3a0c4e7d0 sparc/libc-static-5.3.12-18.5.sparc.rpm d371c2f33b29034be986b95f3acf457f SRPMS/sysklogd-1.3.31-0.5.src.rpm
[RHSA-1999:054-01] Security problems in bind
- Red Hat, Inc. Security Advisory Synopsis: Security problems in bind Advisory ID:RHSA-1999:054-01 Issue date: 1999-11-11 Updated on: 1999-11-11 Keywords: bind named NXT solinger fdmax Cross references: http://www.isc.org/products/BIND/bind-security-19991108.html - 1. Topic: Several security vulnerabilities exist in the DNS server, 'bind'. 2. Relevant releases/architectures: Red Hat Linux 4.x, all platforms Red Hat Linux 5.x, all platforms Red Hat Linux 6.x, all platforms 3. Problem description: Various vulnerabilities exist in previous versions of bind: - A bug in the processing of NXT records can theoretically allow a remote attacker to gain access to the DNS server as the user running bind (by default, root). This vulnerability does not affect the bind packages that shipped with Red Hat Linux 4.2 and Red Hat Linux 5.2. - Several remote denial-of-service attacks are possible; by using abnormal TCP options, causing the DNS server to use many file descriptors, or using special SIG records, it may be possible to crash the DNS server. It is recommended that all users of bind upgrade to the latest packages. Thanks go to ISC for providing the updated packages. 4. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/bind-8.2.2_P3-0.4.2.i386.rpm ftp://updates.redhat.com/4.2/i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm ftp://updates.redhat.com/4.2/i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/bind-8.2.2_P3-0.4.2.alpha.rpm ftp://updates.redhat.com/4.2/alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm ftp://updates.redhat.com/4.2/alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/bind-8.2.2_P3-0.4.2.sparc.rpm ftp://updates.redhat.com/4.2/sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm ftp://updates.redhat.com/4.2/sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/bind-8.2.2_P3-0.4.2.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/bind-8.2.2_P3-0.5.2.i386.rpm ftp://updates.redhat.com/5.2/i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm ftp://updates.redhat.com/5.2/i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/bind-8.2.2_P3-0.5.2.alpha.rpm ftp://updates.redhat.com/5.2/alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm ftp://updates.redhat.com/5.2/alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/bind-8.2.2_P3-0.5.2.sparc.rpm ftp://updates.redhat.com/5.2/sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm ftp://updates.redhat.com/5.2/sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/bind-8.2.2_P3-0.5.2.src.rpm Red Hat Linux 6.x: Intel: ftp://updates.redhat.com/6.1/i386/bind-8.2.2_P3-1.i386.rpm ftp://updates.redhat.com/6.1/i386/bind-devel-8.2.2_P3-1.i386.rpm ftp://updates.redhat.com/6.1/i386/bind-utils-8.2.2_P3-1.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/bind-8.2.2_P3-1.alpha.rpm ftp://updates.redhat.com/6.0/alpha/bind-devel-8.2.2_P3-1.alpha.rpm ftp://updates.redhat.com/6.0/alpha/bind-utils-8.2.2_P3-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/bind-8.2.2_P3-1.sparc.rpm ftp://updates.redhat.com/6.0/sparc/bind-devel-8.2.2_P3-1.sparc.rpm ftp://updates.redhat.com/6.0/sparc/bind-utils-8.2.2_P3-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/bind-8.2.2_P3-1.src.rpm 9. Verification: MD5 sum Package Name -- 85f36ee60d5399199afe7edf9ce18942 i386/bind-8.2.2_P3-0.4.2.i386.rpm e98ff23ac5cdcd888043697f1db9e353 i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm 287949831c6c61689a74b72e3e079c3b i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm 2b62c4d7e7dee54ecb91fff5297c47b1 alpha/bind-8.2.2_P3-0.4.2.alpha.rpm 06d0fdcca32569dbdb5d3002c253747a alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm e49d10be181ad751924da9cc7c420b45 alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm 71ae14362db69894d621bc1a83e1ce87 sparc/bind-8.2.2_P3-0.4.2.sparc.rpm 4c8d988b34242f92233a3aabe82c4849 sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm 923af5f384cca91082d76acc29e622ec sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm 8be7216693b2bfff239731687c75c7e9 SRPMS/bind-8.2.2_P3-0.4.2.src.rpm 43958baf4d3cdd6ff9739af76ea49247 i386/bind-8.2.2_P3-0.5.2.i386.rpm 40f7819efa41df675337a762a2fa951d i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm 663b01244e07904cb20df7051a685c01 i386/bind-utils-8.2.2_P3-0.5.2.i3
[RHSA-1999:053-01] new NFS server pacakges available (5.2, 4.2)
- Red Hat, Inc. Security Advisory Synopsis: new NFS server packages available (5.2, 4.2) Advisory ID:RHSA-1999:053-01 Issue date: 1999-11-11 Updated on: 1999-11-11 Keywords: nfs-server PATH_MAX NAME_MAX rpc.nfsd Cross references: Bugtraq id #782 - 1. Topic: A buffer overflow exists in the user space NFS daemon that shipped with Red Hat Linux 4.2 and 5.2. 2. Relevant releases/architectures: Red Hat Linux 4.x, all platforms Red Hat Linux 5.x, all platforms Red Hat Linux 6.x uses the knfsd kernel space NFS daemon, and is not affected by this problem. 3. Problem description: The length of a path name was not checked on the removal of a directory. If a long enough directory name was created, the buffer holding the pathname would overflow, and the possibility exists that arbitrary code could be executed as the user the NFS server runs as (root). Exploiting this buffer overflow does require read/write access to a share on an affected server. 4. Solution: It is recommended that all users of Red Hat Linux 4.x and 5.x update to the fixed packages. Thanks go to Olaf Kirch ([EMAIL PROTECTED]) for providing a fix. For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 6. Obsoleted by: 7. Conflicts with: 8. RPMs required: Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/nfs-server-2.2beta47-0.i386.rpm ftp://updates.redhat.com/4.2/i386/nfs-server-clients-2.2beta47-0.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/nfs-server-2.2beta47-0.alpha.rpm ftp://updates.redhat.com/4.2/alpha/nfs-server-clients-2.2beta47-0.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/nfs-server-2.2beta47-0.sparc.rpm ftp://updates.redhat.com/4.2/sparc/nfs-server-clients-2.2beta47-0.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/nfs-server-2.2beta47-0.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/nfs-server-2.2beta47-1.i386.rpm ftp://updates.redhat.com/5.2/i386/nfs-server-clients-2.2beta47-1.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/nfs-server-2.2beta47-1.alpha.rpm ftp://updates.redhat.com/5.2/alpha/nfs-server-clients-2.2beta47-1.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/nfs-server-2.2beta47-1.sparc.rpm ftp://updates.redhat.com/5.2/sparc/nfs-server-clients-2.2beta47-1.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/nfs-server-2.2beta47-1.src.rpm 9. Verification: MD5 sum Package Name -- 09b6c7ff370f58140aac7d1a41b50035 i386/nfs-server-2.2beta47-0.i386.rpm 14e1e5e5bcba01f9bb9cb6dfe9e2627e i386/nfs-server-clients-2.2beta47-0.i386.rpm 9ce6b7afd8ef5a1d5b481ee9fe2530d3 alpha/nfs-server-2.2beta47-0.alpha.rpm 6306ba518cd64b0d018b8b2786ecb128 alpha/nfs-server-clients-2.2beta47-0.alpha.rpm cf15f95dd9b13844b63a9e7607a873ee sparc/nfs-server-2.2beta47-0.sparc.rpm a450ee5b850fb6ed906b3527a2165ec5 sparc/nfs-server-clients-2.2beta47-0.sparc.rpm e6ffef85c75620ebebf0c3244a181c46 SRPMS/nfs-server-2.2beta47-0.src.rpm 1d408903070fa5313072fe8886917bda i386/nfs-server-2.2beta47-1.i386.rpm e4c30ae30f3cbdd4ff2cd90232c46e0e i386/nfs-server-clients-2.2beta47-1.i386.rpm 1d6f0a6c28b4cb20e1f203bb8d376af1 alpha/nfs-server-2.2beta47-1.alpha.rpm 75f89bcd51df6771d993aaee6f812ce7 alpha/nfs-server-clients-2.2beta47-1.alpha.rpm 0dc37d253e7620ce300ef51b15af562b sparc/nfs-server-2.2beta47-1.sparc.rpm 21c743b1631db675dd1aac7007c9a37a sparc/nfs-server-clients-2.2beta47-1.sparc.rpm 810ca1bd9d362031ed21c664eb2024ac SRPMS/nfs-server-2.2beta47-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 10. References:
No Subject
- Red Hat, Inc. Security Advisory Synopsis: security problems with ypserv Advisory ID:RHSA-1999:046-01 Issue date: 1999-10-27 Updated on: 1999-10-27 Keywords: Cross references: ypserv yppasswdd rpc.yppasswdd - 1. Topic: The ypserv package, which contains the ypserv NIS server and the yppasswdd password-change server, has been discovered to have security holes. 2. Problem description: With ypserv, local administrators in the NIS domain could possibly inject password tables. In rpc.yppasswdd, users could change GECOS and login shells of other users, and there is a buffer overflow in the md5 hash generation. It is recommended that all users of the ypserv package upgrade to the new packages. 3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 4. Relevant releases/architectures: Red Hat Linux 4.x, all architectures Red Hat Linux 5.x, all architectures Red Hat Linux 6.x, all architectures 5. Obsoleted by: 6. Conflicts with: 7. RPMs required: Red Hat Linux 4.x: Intel: ftp://updates.redhat.com/4.2/i386/ypserv-1.3.9-0.4.2.i386.rpm Alpha: ftp://updates.redhat.com/4.2/alpha/ypserv-1.3.9-0.4.2.alpha.rpm Sparc: ftp://updates.redhat.com/4.2/sparc/ypserv-1.3.9-0.4.2.sparc.rpm Source packages: ftp://updates.redhat.com/4.2/SRPMS/ypserv-1.3.9-0.4.2.src.rpm Red Hat Linux 5.x: Intel: ftp://updates.redhat.com/5.2/i386/ypserv-1.3.9-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/ypserv-1.3.9-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/ypserv-1.3.9-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/ypserv-1.3.9-0.5.2.src.rpm Red Hat Linux 6.x: Intel: ftp://updates.redhat.com/6.1/i386/ypserv-1.3.9-1.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/ypserv-1.3.9-1.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/ypserv-1.3.9-1.sparc.rpm Source packages: ftp://updates.redhat.com/6.1/SRPMS/ypserv-1.3.9-1.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh 'filename' where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- d384966683e0c59b7c63d2d0fcba79ce ypserv-1.3.9-0.4.2.i386.rpm e8e860c754e894b955c2ec3e73bcad8d ypserv-1.3.9-0.4.2.alpha.rpm 19cfbc0bf8ef5ed272243d74020b69df ypserv-1.3.9-0.4.2.sparc.rpm df131f369bfb64d1b093447168484e38 ypserv-1.3.9-0.4.2.src.rpm 51a38316e72f25b6751ade459728f049 ypserv-1.3.9-0.5.2.i386.rpm 65da86b0b61ae70b82a5b3fe17b77803 ypserv-1.3.9-0.5.2.alpha.rpm 2956fc958456d5a91d697043932266bd ypserv-1.3.9-0.5.2.sparc.rpm dda2d28bb89cddb9ecb4409778a548f9 ypserv-1.3.9-0.5.2.src.rpm c1a566b7535bb51e25d9c1743f822682 ypserv-1.3.9-1.i386.rpm a8f5a82d450ddb2b42068537859c18ae ypserv-1.3.9-1.alpha.rpm 6759503c9cc688bcd1902f6511ecc60a ypserv-1.3.9-1.sparc.rpm f7e8b5a241c4e873822c83be2f0cf566 ypserv-1.3.9-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 10. References: <[EMAIL PROTECTED]>
[RHSA-1999:042-01] screen defaults to not using Unix98 ptys
- Red Hat, Inc. Security Advisory Synopsis: screen defaults to not using Unix98 ptys Advisory ID:RHSA-1999:042-01 Issue date: 1999-10-20 Updated on: Keywords: Cross references: screen unix98 pty permissions - 1. Topic: Screen uses ptys with world read/write permissions. 2. Problem description: The version of screen that shipped with Red Hat Linux 6.1 defaulted to not using Unix98 ptys. Since screen is not setuid root, this means that it leaves the ptys with insecure permissions. The updated packages restore the Unix98 pty support. Thanks go to Chris Evans for noting this vulnerability. Previous versions of Red Hat Linux are not affected by this problem. 3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 6100 4. Relevant releases/architectures: Red Hat Linux 6.1, Intel 5. Obsoleted by: 6. Conflicts with: 7. RPMs required: Red Hat Linux 6.1: Intel: ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/screen-3.9.4-3.i386.rpm Source package: ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/screen-3.9.4-3.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh 'filename' where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- 2e5ada61d3d06408bae76bf581d2bf69 screen-3.9.4-3.i386.rpm 09277e5b10b709ac2d974b952cb29e9b screen-3.9.4-3.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig 'filename' If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 'filename' 10. References:
[LI] [RHSA-1999:041-01] File access problems in lpr/lpd
FYI -- Raju - Red Hat, Inc. Security Advisory Synopsis: File access problems in lpr/lpd Advisory ID:RHSA-1999:041-01 Issue date: 1999-10-17 Updated on: Keywords: lpr lpd permissions Cross references: - 1. Topic: There are potential problems with file access checking in the lpr and lpd programs. These could allow users to potentially print files they do not have access to. Also, there are bugs in remote printing in the lpd that shipped with Red Hat Linux 6.1. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 5122 5540 5697 5832 5835 5903 5949 3. Relevant releases/architectures: Red Hat Linux 4.x, all architectures Red Hat Linux 5.x, all architectures Red Hat Linux 6.x, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.x: Intel: ftp://ftp.redhat.com/pub/redhat/updates/4.2/i386/lpr-0.43-0.4.2.i386.rpm Alpha: ftp://ftp.redhat.com/pub/redhat/updates/4.2/alpha/lpr-0.43-0.4.2.alpha.rpm Sparc: ftp://ftp.redhat.com/pub/redhat/updates/4.2/sparc/lpr-0.43-0.4.2.sparc.rpm Source packages: ftp://ftp.redhat.com/pub/redhat/updates/4.2/SRPMS/lpr-0.43-0.4.2.src.rpm Red Hat Linux 5.x: Intel: ftp://ftp.redhat.com/pub/redhat/updates/5.2/i386/lpr-0.43-0.5.2.i386.rpm Alpha: ftp://ftp.redhat.com/pub/redhat/updates/5.2/alpha/lpr-0.43-0.5.2.alpha.rpm Sparc: ftp://ftp.redhat.com/pub/redhat/updates/5.2/sparc/lpr-0.43-0.5.2.sparc.rpm Source packages: ftp://ftp.redhat.com/pub/redhat/updates/5.2/SRPMS/lpr-0.43-0.5.2.src.rpm Red Hat Linux 6.x: Intel: ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/lpr-0.43-2.i386.rpm Alpha: ftp://ftp.redhat.com/pub/redhat/updates/6.0/alpha/lpr-0.43-2.alpha.rpm Sparc: ftp://ftp.redhat.com/pub/redhat/updates/6.0/sparc/lpr-0.43-2.sparc.rpm Source packages: ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/lpr-0.43-2.src.rpm 7. Problem description: There are two problems in the lpr and lpd programs. By exploiting a race between the access check and the actual file opening, it is potentially possible to have lpr read a file as root that the user does not have access to. Also, the lpd program would blindly open queue files as root; by use of the '-s' flag to lpr, it was possible to have lpd print files that the user could not access. Thanks go to Tymm Twillman for pointing out these vulnerabilities. Also, various bugs in remote printing that were present in the lpd released with Red Hat Linux 6.1 have been fixed. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- fb854cbddc9e38847c31aa6e07904ae6 lpr-0.43-0.4.2.i386.rpm 10d7f947c5e1e2ac13c88fec95e53838 lpr-0.43-0.4.2.alpha.rpm aea5f8564289be2f344169ba89da5ff7 lpr-0.43-0.4.2.sparc.rpm faaa81630ac3d5de295deec4c0cb2883 lpr-0.43-0.4.2.src.rpm 3966751ae7e8e5b6fc179d61dd88 lpr-0.43-0.5.2.i386.rpm 479537d92946838857276967d6fb4e98 lpr-0.43-0.5.2.alpha.rpm b8c3970d327b1bdd3c14b933b4dab5c0 lpr-0.43-0.5.2.sparc.rpm 3aa3386da05e96adc04db5b376f307dd lpr-0.43-0.5.2.src.rpm cc1f97635c0a1029febc1f0e75e40527 lpr-0.43-2.i386.rpm 9c611726e6ec6f754e0b6503f87b8e97 lpr-0.43-2.alpha.rpm 1e8ff6f9f3272f30ca96f4dcdfdc9b53 lpr-0.43-2.sparc.rpm 2c258e8aa98f5b005b326f3110410965 lpr-0.43-2.src.rpm These packages are signed with GnuPG by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg Note that you need RPM >= 3.0 to check GnuPG keys. 10. References: The Linux India Mailing List Archives are now available. Please search the archive at http://lists.linux-india.org/ before posting your question to avoid repetition and save bandwidth.
[linux-delhi] [RHSA-1999:037-01] Buffer overflow in mars_nwe
FYI -- Raju - Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in mars_nwe Advisory ID:RHSA-1999:037-01 Issue date: 1999-09-13 Updated on: Keywords: mars_nwe buffer Cross references: - 1. Topic: There are several buffer overruns in the mars_nwe package. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 5002 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures Red Hat Linux 4.2, 5.2 Intel (mars_nwe was not built for Alpha and Sparc in previous versions of Red Hat Linux.) 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: ftp://updates.redhat.com//4.2/i386/mars-nwe-0.99pl17-0.4.2.i386.rpm Source packages: ftp://updates.redhat.com//4.2/SRPMS/mars-nwe-0.99pl17-0.4.2.src.rpm Red Hat Linux 5.2: Intel: ftp://updates.redhat.com//5.2/i386/mars-nwe-0.99pl17-0.5.2.i386.rpm Source packages: ftp://updates.redhat.com//5.2/SRPMS/mars-nwe-0.99pl17-0.5.2.src.rpm Red Hat Linux 6.0: Intel: ftp://updates.redhat.com//6.0/i386/mars-nwe-0.99pl17-4.i386.rpm Alpha: ftp://updates.redhat.com//6.0/alpha/mars-nwe-0.99pl17-4.alpha.rpm Sparc: ftp://updates.redhat.com//6.0/sparc/mars-nwe-0.99pl17-4.sparc.rpm Source packages: ftp://updates.redhat.com//6.0/SRPMS/mars-nwe-0.99pl17-4.src.rpm 7. Problem description: Buffer overflows are present in the mars_nwe package. Since the code that contains these overflows is run as root, a local root compromise is possible if users create carefully designed directories and/or bindery objects. A sample exploit has been made available. Thanks go to Przemyslaw Frasunek ([EMAIL PROTECTED]) and Babcia Padlina Ltd. for noting the problem and providing a patch. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- 350882fd246344891f04d7419561eb8f i386/mars-nwe-0.99pl17-0.4.2.i386.rpm 99134c2f507c906483320b9748b6334c SRPMS/mars-nwe-0.99pl17-0.4.2.src.rpm 2dd6f7cf55f8ed68ba40b9d98a91adaf i386/mars-nwe-0.99pl17-0.5.2.i386.rpm e3d918c4e52ef051d169d7380e4d8cfe SRPMS/mars-nwe-0.99pl17-0.5.2.src.rpm adbd809d9de3d22fed637bcf56ede66f i386/mars-nwe-0.99pl17-4.i386.rpm 729f888a3c1ebb87bcf04c204bf7b9dc alpha/mars-nwe-0.99pl17-4.alpha.rpm bf73f67c225c2edce4d7ee52b5796803 sparc/mars-nwe-0.99pl17-4.sparc.rpm b9c61129b2e04d25c48863ededc35568 SRPMS/mars-nwe-0.99pl17-4.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp 10. References: Bugtraq ID: 617 <[EMAIL PROTECTED]>
[RHSA-1999:030-02] Buffer overflow in cron daemon
- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID:RHSA-1999:030-02 Issue date: 1999-08-25 Updated on: 1999-08-27 Keywords: vixie-cron crond MAILTO Cross references: - Revision History: 1999-08-27: Updated packages to fix problems on Red Hat Linux 4.2 and 5.2, added credits, remove statement about 'no known exploits' 1. Topic: A buffer overflow exists in crond, the cron daemon. This could allow local users to gain privilege. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla/): 4706 3. Relevant releases/architectures: Red Hat Linux 4.2, 5.2, 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/i386/vixie-cron-3.0.1-37.4.2.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/alpha/vixie-cron-3.0.1-37.4.2.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/sparc/vixie-cron-3.0.1-37.4.2.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/vixie-cron-3.0.1-37.4.2.src.rpm Red Hat Linux 5.2: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/i386/vixie-cron-3.0.1-37.5.2.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/alpha/vixie-cron-3.0.1-37.5.2.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/sparc/vixie-cron-3.0.1-37.5.2.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/vixie-cron-3.0.1-37.5.2.src.rpm Red Hat Linux 6.0: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/i386/vixie-cron-3.0.1-38.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/alpha/vixie-cron-3.0.1-38.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/sparc/vixie-cron-3.0.1-38.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/vixie-cron-3.0.1-38.src.rpm 7. Problem description: By creating a crontab that runs with a specially formatted 'MAILTO' environment variable, it is possible for local users to overflow a fixed-length buffer in the cron daemon's cron_popen() function. Since the cron daemon runs as root, it would be theoretcially possible for local users to use this buffer overflow to gain root privilege. Also, it was possible to use specially formatted 'MAILTO' environment variables to send commands to sendmail. (1999-08-25) The original pacakges released had the following problems: - Some legitimate e-mail addresses in "MAILTO" could be rejected. - The Red Hat Linux 4.2 and 5.2 packages shipped with logrotate scripts that contained options not present in the logrotate that shipped with those versions. - The Red Hat Linux 4.2 (i386 and SPARC) packages did not correctly reset the SIGCHLD handler, causing zombie processes to be created. Users who experience these problems should upgrade to the newer pacakges. There are no known security issues with the previous errata packages. Thanks go to Tymm Twillman, Martin Schulze, Pawel Veselov and others for noting and providing some fixes for the vulnerabilities. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- e84b81e4c950add3b8565c91a9565807 i386/vixie-cron-3.0.1-37.4.2.i386.rpm ecbc5c1b1c8bf72dd15319de5bf64292 alpha/vixie-cron-3.0.1-37.4.2.alpha.rpm 6825a04bf5dbf5dfbddad5221bd14489 sparc/vixie-cron-3.0.1-37.4.2.sparc.rpm 6365d813ef298479e35450c74862fab8 SRPMS/vixie-cron-3.0.1-37.4.2.src.rpm 88e5b200468c66c264283be01f674d4d i386/vixie-cron-3.0.1-37.5.2.i386.rpm b014e9335c7644484462fb0d2f86afa8 alpha/vixie-cron-3.0.1-37.5.2.alpha.rpm 850c86e7972e54b3d025e3fe3e7d8464 sparc/vixie-cron-3.0.1-37.5.2.sparc.rpm 64fa16237dc7aea30c58e9a6d1774d9e SRPMS/vixie-cron-3.0.1-37.5.2.src.rpm 804bec06a0f2b25665c9f77b0c03cf4e i386/vixie-cron-3.0.1-38.i386.rpm fd3e80ae1c8a2ab84bcbcfe338fe8a92 alpha/vixie-cron-3.0.1-38.alpha.rpm 587e2cee6ab190f6bf9d1727b1bc48bc sparc/vixie-cron-3.0.1-38.sparc.rpm 1197fe2e1db1591221a27738c2d812d4 SRPMS/vixie-cron-3.0.1-38.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp 10. References:
[RHSA-1999:030-01] Buffer overflow in cron daemon
- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in cron daemon Advisory ID:RHSA-1999:030-01 Issue date: 1999-08-25 Updated on: Keywords: vixie-cron crond MAILTO Cross references: - 1. Topic: A buffer overflow exists in crond, the cron daemon. This could allow local users to gain privilege. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla/): 4706 3. Relevant releases/architectures: Red Hat Linux 4.2, 5.2, 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/i386/vixie-cron-3.0.1-36.4.2.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/alpha/vixie-cron-3.0.1-36.4.2.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/sparc/vixie-cron-3.0.1-36.4.2.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/vixie-cron-3.0.1-36.4.2.src.rpm Red Hat Linux 5.2: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/i386/vixie-cron-3.0.1-36.5.2.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/alpha/vixie-cron-3.0.1-36.5.2.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/sparc/vixie-cron-3.0.1-36.5.2.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/vixie-cron-3.0.1-36.5.2.src.rpm Red Hat Linux 6.0: Intel: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/i386/vixie-cron-3.0.1-37.i386.rpm Alpha: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/alpha/vixie-cron-3.0.1-37.alpha.rpm Sparc: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/sparc/vixie-cron-3.0.1-37.sparc.rpm Source packages: rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/vixie-cron-3.0.1-37.src.rpm 7. Problem description: By creating a crontab that runs with a specially formatted 'MAILTO' environment variable, it is possible for local users to overflow a fixed-length buffer in the cron daemon's cron_popen() function. Since the cron daemon runs as root, it would be theoretcially possible for local users to use this buffer overflow to gain root privilege. To the best of our knowledge, no known exploits exist at this time. Also, it was possible to use specially formatted 'MAILTO' environment variables to send commands to sendmail. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- a90bf7adbc719fdb5a8ed335fda32a3c i386/vixie-cron-3.0.1-36.4.2.i386.rpm 2b6b0b00cdeca0381ab2893ddf2f2bd1 alpha/vixie-cron-3.0.1-36.4.2.alpha.rpm 02d183979b594a7e7a9c1bc8566b2f16 sparc/vixie-cron-3.0.1-36.4.2.sparc.rpm b8ac0c21e108ebd67925c224f7a0b82b SRPMS/vixie-cron-3.0.1-36.4.2.src.rpm 7df6884f0709b078d19f390db2a7e304 i386/vixie-cron-3.0.1-36.5.2.i386.rpm b51b4ea612c4f5a59c1bb4e76af95eeb alpha/vixie-cron-3.0.1-36.5.2.alpha.rpm 5ceeb614442bd4d4ce8a9680664d77e4 sparc/vixie-cron-3.0.1-36.5.2.sparc.rpm 9f411cb3c7c1c53423eebc9d5f64619a SRPMS/vixie-cron-3.0.1-36.5.2.src.rpm 39bbedeade7dc6da6f0ab5acfb3af6da i386/vixie-cron-3.0.1-37.i386.rpm addec82afbd131aef14fadf8cfb8ddcf alpha/vixie-cron-3.0.1-37.alpha.rpm b56db77c411f72825efbffed43780213 sparc/vixie-cron-3.0.1-37.sparc.rpm 243d9099bdb94bd0d075de4da4dbba12 SRPMS/vixie-cron-3.0.1-37.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp 10. References:
[RHSA-1999:029-01] Denial of service attack in in.telnetd
- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in in.telnetd Advisory ID:RHSA-1999:029-01 Issue date: 1999-08-19 Updated on: Keywords: telnet telnetd Cross references: - 1. Topic: A denial of service attack has been fixed in in.telnetd. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla/): 4560 3. Relevant releases/architectures: Red Hat Linux 4.2, 5.2, 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: ftp://ftp.redhat.com/redhat/updates/4.2/i386/NetKit-B-0.09-11.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/4.2/alpha/NetKit-B-0.09-11.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/4.2/sparc/NetKit-B-0.09-11.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/NetKit-B-0.09-11.src.rpm Red Hat Linux 5.2: Intel: ftp://ftp.redhat.com/redhat/updates/5.2/i386/telnet-0.10-28.5.2.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/5.2/alpha/telnet-0.10-28.5.2.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/5.2/sparc/telnet-0.10-28.5.2.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/telnet-0.10-28.5.2.src.rpm Red Hat Linux 6.0: Intel: ftp://ftp.redhat.com/redhat/updates/6.0/i386/telnet-0.10-29.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/6.0/alpha/telnet-0.10-29.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/6.0/sparc/telnet-0.10-29.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/telnet-0.10-29.src.rpm 7. Problem description: in.telnetd attempts to negotiate a compatible terminal type between the local and remote host. By setting the TERM environment variable before connecting, a remote user could cause the system telnetd to open files it should not. Depending on the TERM setting used, this could lead to denial of service attacks. Thanks go to Michal Zalewski and the Linux Security Audit team for noting this vulnerability. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- 0c425c34fb77a8309ff10b4143e9b847 i386/NetKit-B-0.09-11.i386.rpm d791d645adeb5fa0147c1058b21cbbac alpha/NetKit-B-0.09-11.alpha.rpm bfbd440845191bbdcf8be21ee59bf6a8 sparc/NetKit-B-0.09-11.sparc.rpm ccd5ab53c423e468d66ca801c90b5ae4 SRPMS/NetKit-B-0.09-11.src.rpm ef33f3c5ca810d05420e57b5cfcf8928 i386/telnet-0.10-28.5.2.i386.rpm 6dc23437a200193b0bfed23d5f5e6562 alpha/telnet-0.10-28.5.2.alpha.rpm 49c38457cc0a82a680fd9b9634dc8021 sparc/telnet-0.10-28.5.2.sparc.rpm 2f33670a683e3abef0e4914586c71961 SRPMS/telnet-0.10-28.5.2.src.rpm 4360d47490f13d60b8737d28dc88825a i386/telnet-0.10-29.i386.rpm 90213fcdca41a3ed12ab7d92344e7286 alpha/telnet-0.10-29.alpha.rpm 277787dbc39dff8ea84d4b16dcb7a954 sparc/telnet-0.10-29.sparc.rpm 269783a0754d234f7bef0f4717a8dbc2 SRPMS/telnet-0.10-29.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp 10. References:
[RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()
- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in libtermcap tgetent() Advisory ID:RHSA-1999:028-01 Issue date: 1999-08-17 Updated on: Keywords: termcap xterm Cross references: - 1. Topic: A buffer overflow has been fixed in the tgetent() function of libtermcap. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla/): 4538 3. Relevant releases/architectures: Red Hat Linux 4.2, 5.2, 6.0, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-2.0.8-14.4.2.i386.rpm ftp://ftp.redhat.com/redhat/updates/4.2/i386/libtermcap-devel-2.0.8-14.4.2.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-2.0.8-14.4.2.alpha.rpm ftp://ftp.redhat.com/redhat/updates/4.2/alpha/libtermcap-devel-2.0.8-14.4.2.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-2.0.8-14.4.2.sparc.rpm ftp://ftp.redhat.com/redhat/updates/4.2/sparc/libtermcap-devel-2.0.8-14.4.2.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/libtermcap-2.0.8-14.4.2.src.rpm Red Hat Linux 5.2: Intel: ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-2.0.8-14.5.2.i386.rpm ftp://ftp.redhat.com/redhat/updates/5.2/i386/libtermcap-devel-2.0.8-14.5.2.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-2.0.8-14.5.2.alpha.rpm ftp://ftp.redhat.com/redhat/updates/5.2/alpha/libtermcap-devel-2.0.8-14.5.2.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-2.0.8-14.5.2.sparc.rpm ftp://ftp.redhat.com/redhat/updates/5.2/sparc/libtermcap-devel-2.0.8-14.5.2.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/libtermcap-2.0.8-14.5.2.src.rpm Red Hat Linux 6.0: Intel: ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-2.0.8-15.i386.rpm ftp://ftp.redhat.com/redhat/updates/6.0/i386/libtermcap-devel-2.0.8-15.i386.rpm Alpha: ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-2.0.8-15.alpha.rpm ftp://ftp.redhat.com/redhat/updates/6.0/alpha/libtermcap-devel-2.0.8-15.alpha.rpm Sparc: ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-2.0.8-15.sparc.rpm ftp://ftp.redhat.com/redhat/updates/6.0/sparc/libtermcap-devel-2.0.8-15.sparc.rpm Source packages: ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/libtermcap-2.0.8-15.src.rpm 7. Problem description: A buffer overflow existed in libtermcap's tgetent() function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file. Under Red Hat Linux 5.2 and 4.2, this could lead to local users gaining root privileges, as xterm (as well as other possibly setuid programs) are linked against libtermcap. Under Red Hat Linux 6.0, xterm is not setuid root. Thanks go to Kevin Vajk and the Linux Security Audit team for noting and providing a fix for this vulnerability. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -- 31b5612edbb97c66600ac65c81c85fc2 i386/libtermcap-2.0.8-14.4.2.i386.rpm 8c26efd7648e92f23e9d2b5e7f48d3a4 i386/libtermcap-devel-2.0.8-14.4.2.i386.rpm e6a3cb5ad06d6b64a40321b01d18931b alpha/libtermcap-2.0.8-14.4.2.alpha.rpm 15c288bd178504542be3b2cee077713a alpha/libtermcap-devel-2.0.8-14.4.2.alpha.rpm 8fb7ce4743c14b4163c4871dada51b63 sparc/libtermcap-2.0.8-14.4.2.sparc.rpm bc7a74a44201b37fa6cf3515bd20a2bd sparc/libtermcap-devel-2.0.8-14.4.2.sparc.rpm eb117c8f9f926b7fe75f6ebbdf3d2a6b SRPMS/libtermcap-2.0.8-14.4.2.src.rpm 9811a7c7665a18a46e9c876163628ba6 i386/libtermcap-2.0.8-14.5.2.i386.rpm 91248a539ee5fb708d194403c61ee14c i386/libtermcap-devel-2.0.8-14.5.2.i386.rpm 50a9dcb2fea451b03b743c46ea478418 alpha/libtermcap-2.0.8-14.5.2.alpha.rpm a98bbcd7a3e8ab0b41983318aea5e919 alpha/libtermcap-devel-2.0.8-14.5.2.alpha.rpm 4c2f8d832512fabbe5dbcb89fc782159 sparc/libtermcap-2.0.8-14.5.2.sparc.rpm b65b6267eed90d8149a9e52462b3cf10 sparc/libtermcap-devel-2.0.8-14.5.2.sparc.rpm 19caa6ab708d3a3f6af8eddafb5f53f2 SRPMS/libtermcap-2.0.8-14.5.2.src.rpm 4995cf0a7c181abe56565d82f12c7819 i386/libtermcap-2.0.8-15.i386.rpm 59d18de3f22abe5674575961b1390177 i386/libtermcap-devel-2.0.8-15.i386.rpm 611cdfb7f167242e7d3b2eaac866705a alpha/libtermcap-2.0.8-15.alpha.rpm 76098235237b5f051ad1266193d7b259 alpha/libtermcap-devel-2.0.8-15.alpha.rpm 846ad7a73b25d3eceab1949322337e14 sparc/libtermcap-2.0.8-15.sparc.rpm 6ddde808ec8b5bc7960851ef3188a6dd sparc/libtermcap-devel-2.0.8-15.sparc.rpm 6a29851494601540d642ff557bd590d6 SRPMS/libtermcap-2.0.8-15.src.rpm These packages are
[RHSA-1999:025-01] Potential misuse of squid cachemgr.cgi
- Red Hat, Inc. Security Advisory Synopsis: Potential misuse of squid cachemgr.cgi Advisory ID:RHSA-1999:025-01 Issue date: 1999-07-29 Updated on: Keywords: squid cachemgr.cgi connect Cross references: - 1. Topic: cachemgr.cgi, the manager interface to Squid, is installed by default in /home/httpd/cgi-bin. If a web server (such as apache) is running, this can allow remote users to sent connect() requests from the local machine to arbitrary hosts and ports. 2. Bug IDs fixed: 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures Red Hat Linux 5.2, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 6.0: Intel: ftp://updates.redhat.com/6.0/i386/squid-2.2.STABLE4-5.i386.rpm Alpha: ftp://updates.redhat.com/6.0/alpha/squid-2.2.STABLE4-5.alpha.rpm Sparc: ftp://updates.redhat.com/6.0/sparc/squid-2.2.STABLE4-5.sparc.rpm Source packages: ftp://updates.redhat.com/6.0/SRPMS/squid-2.2.STABLE4-5.src.rpm Red Hat Linux 5.2: Intel: ftp://updates.redhat.com/5.2/i386/squid-2.2.STABLE4-0.5.2.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha/squid-2.2.STABLE4-0.5.2.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc/squid-2.2.STABLE4-0.5.2.sparc.rpm Source packages: ftp://updates.redhat.com/5.2/SRPMS/squid-2.2.STABLE4-0.5.2.src.rpm 7. Problem description: A remote user could enter a hostname/IP address and port number, and the cachemgr CGI would attempt to connect to that host and port, printing the error if it fails. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh where filename is the name of the RPM. Alternatively, you can simply disable the cachemgr.cgi, by editing your http daemons access control files or deleting/moving the cachemgr.cgi binary. 9. Verification: MD5 sum Package Name -- 80d527634fc8d8d2029532a628b3d924 squid-2.2.STABLE4-5.i386.rpm 65d18747148d7e3dae4249fe65c18c6b squid-2.2.STABLE4-5.alpha.rpm 734f84b949752fe39b5e58555210ff51 squid-2.2.STABLE4-5.sparc.rpm 02a93b0b1985f8d5c77eb8f3e8981eeb squid-2.2.STABLE4-5.src.rpm 175b42cc4b603242fbb95e345c14963c squid-2.2.STABLE4-0.5.2.i386.rpm f8dfc1198e32c645ed57769a44f3aa6d squid-2.2.STABLE4-0.5.2.alpha.rpm 2e11f629d2f15af8442d6b724ea4d020 squid-2.2.STABLE4-0.5.2.sparc.rpm 0ea1522539d2aebf298881571253e13d squid-2.2.STABLE4-0.5.2.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp 10. References: - End forwarded message -