----- Forwarded message from Raymond Dijkxhoorn <[EMAIL PROTECTED]> -----

> From: Raymond Dijkxhoorn <[EMAIL PROTECTED]>
> Date: Wed, 31 May 2000 17:20:15 +0200
> To: [EMAIL PROTECTED]
> Subject: [RHSA-2000:005-05] New majordomo packages available (fwd)
>
> From: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          New majordomo packages available
> Advisory ID:       RHSA-2000:005-05
> Issue date:        2000-01-20
> Updated on:        2000-05-31
> Product:           Red Hat Powertools
> Keywords:          majordomo
> Cross references:  N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> New majordomo packages are available to fix local security problems in
> majordomo.
>
> 2. Relevant releases/architectures:
>
> Red Hat Powertools 6.1 - i386 alpha sparc
>
> 3. Problem description:
>
> A vulnerability in /usr/lib/majordomo/resend and
> /usr/lib/majordomo/wrapper will allow execution of arbitrary commands
> with elevated privileges.
>
> It is recommended that all users of Red Hat Linux using the majordomo
> package upgrade to the fixed package, which will resolve the
> vulnerability in /usr/lib/majordomo/resend. To secure
> /usr/lib/majordomo/wrapper, please read the solution section below.
>
> Once an official patch has been released by the majordomo maintainers,
> we will release an updated package which will fix both vulnerabilities.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> Once the package is installed, become "root" and execute this command:
>
> chmod o-x /usr/lib/majordomo/wrapper
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> N/A
>
> 6. RPMs required:
>
> Red Hat Powertools 6.1:
>
> intel:
>   ftp://ftp.redhat.com/redhat/updates/powertools/6.1/i386/majordomo-1.94.5-2.i386.rpm
>
> alpha:
>   ftp://ftp.redhat.com/redhat/updates/powertools/6.1/alpha/majordomo-1.94.5-2.alpha.rpm
>
> sparc:
>   ftp://ftp.redhat.com/redhat/updates/powertools/6.1/sparc/majordomo-1.94.5-2.sparc.rpm
>
> sources:
>   ftp://ftp.redhat.com/redhat/updates/powertools/6.1/SRPMS/majordomo-1.94.5-2.src.rpm
>
> 7. Verification:
>
> MD5 sum                           Package Name
> --------------------------------------------------------------------------
> ad994a1742d90a593b8ecfbf52634cd7  6.1/SRPMS/majordomo-1.94.5-2.src.rpm
> 8c829a13c2229060c899ffdc7e7db38c  6.1/alpha/majordomo-1.94.5-2.alpha.rpm
> f0e22f364abcbe4c217f2b8eb180037d  6.1/i386/majordomo-1.94.5-2.i386.rpm
> 89e327c6c92acc97db34e541f34c0c67  6.1/sparc/majordomo-1.94.5-2.sparc.rpm
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
>   http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
>   rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>   rpm --checksig --nogpg <filename>
>
> 8. References:
>
> Thanks to Brock Tellier at [EMAIL PROTECTED] for noting the
> vulnerability in resend, to Shevek at [EMAIL PROTECTED] and Olaf Kirch
> at [EMAIL PROTECTED] for noting the vulnerability in the wrapper.
>

----- End forwarded message -----

Ronny

--------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
The list administrators can be reached via [EMAIL PROTECTED]
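
One way to confirm that the advisory's "chmod o-x" step is in effect on a host, as an added example that is not part of the forwarded advisory or of Red Hat's packages. The function name wrapper_status and its output words are made up here, and the script assumes the wrapper is installed with a setuid or setgid bit.

```shell
#!/bin/sh
# Added example (not from the advisory): check that the "chmod o-x" step
# from the Solution section is in effect on the majordomo wrapper.

# wrapper_status PATH
#   prints "<state> setid=<yes|no>", state is missing | exposed | mitigated
#   returns 0 = mitigated, 1 = exposed, 2 = missing
wrapper_status() {
    f=$1
    # Keep find(1) from reading a relative path as an option.
    case $f in /*) ;; *) f=./$f ;; esac

    if [ ! -e "$f" ]; then
        echo "missing setid=no"
        return 2
    fi

    # Assumption: the wrapper is the privileged entry point, so report
    # whether it carries a setuid or setgid bit.
    if [ -u "$f" ] || [ -g "$f" ]; then setid=yes; else setid=no; fi

    # -perm -001 matches only when the others-execute bit is set;
    # -L judges the target of a symlink rather than the link itself.
    if [ -n "$(find -L "$f" -prune -perm -001 2>/dev/null)" ]; then
        echo "exposed setid=$setid"
        return 1
    fi
    echo "mitigated setid=$setid"
    return 0
}

# Default to the path named in the advisory; pass another path as $1.
wrapper_status "${1:-/usr/lib/majordomo/wrapper}" || :
```

A result of "exposed" means users outside the file's owner and group can still run the wrapper, so the chmod from section 4 has not been applied or has been undone by a later package install.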
