----- Forwarded message from Roman Drahtmueller <[EMAIL PROTECTED]> -----

> From: Roman Drahtmueller <[EMAIL PROTECTED]>
> Reply-To: Roman Drahtmueller <[EMAIL PROTECTED]>
> Date: Thu, 10 Aug 2000 12:35:10 +0200
> To: [EMAIL PROTECTED]
> Subject: SuSE Security Announcement: rpc.kstatd (knfsd)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ______________________________________________________________________________
>
>                         SuSE Security Announcement
>
>         Package:                knfsd, all versions
>         Date:                   Thursday, August 10th, 2000
>         Affected SuSE versions: 6.1-6.4
>         Vulnerability Type:     remote root compromise
>         Severity (1-10):        9
>         SuSE default package:   yes
>         Other affected systems: all linux systems using this package
>
>     Content of this advisory:
>         1) security vulnerability resolved: knfsd (remote root compromise)
>            problem description, discussion, solution and upgrade information
>         2) pending vulnerabilities, temporary workarounds
>            (Netscape, suidperl)
>         3) standard appendix (further information)
>
>
> ______________________________________________________________________________
>
> 1)  problem description, brief discussion, solution, upgrade information
>
>     Due to incorrect string parsing in the code, a remote attacker could
>     gain root privileges on the machine running the vulnerable rpc.kstatd.
>
>     The rpc.kstatd daemon contained in the package linuxnfs (SuSE-6.1, 6.2)
>     or knfsd (SuSE-6.3, 6.4) is used by the NFS file locking service to
>     implement lock recovery when the NFS server crashes or reboots.
>     The network status monitor as shipped with SuSE distributions including
>     and following SuSE-6.1 is called `rpc.kstatd' in order not to confuse
>     it with the `rpc.rstatd', the kernel statistics server that comes with
>     SuSE, too (See manual pages for rpc.kstatd and rpc.rstatd). Other
>     distributors might use the term `rpc.statd'.
>     Note: The upcoming SuSE-7.0 distribution is _not_ vulnerable to the
>     problem with rpc.kstatd.
>
>     SuSE provides updated packages for the vulnerable software. It is
>     strongly recommended to upgrade to the latest version found on our
>     ftp server as described below.
>     For the kernel-based NFS server to operate properly, it is strongly
>     recommended to upgrade to the latest kernel version as announced in
>     http://www.suse.de/de/support/security/suse_security_announce_54.txt .
>
>     Choose one of the following paths to download the package from our
>     ftp server and install the package with the command `rpm -Fhv file.rpm'.
>     The md5sum for each file is in the line below.
>     You can verify the integrity of the rpm files using the command
>     `rpm --checksig --nogpg file.rpm', independently from the md5
>     signatures below.
>
>     i386 Intel Platform:
>       SuSE-6.4 (package name is knfsd!):
>         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/knfsd.rpm
>           1a7214f921ebeea7bbcfce8187e7ba65
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/knfsd.spm
>           fa4bb28382515648f1c667cbbc019695
>
>       SuSE-6.3 (package name is knfsd!):
>         ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/knfsd.rpm
>           9425557d97676df139c3b3cfbcbfb686
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/knfsd.spm
>           1d4f69b00eedee3530cbd14ede55b985
>
>       SuSE-6.2 (package name is linuxnfs!):
>         ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/linuxnfs.rpm
>           c4fbbcbdac7c8640b8ff92643e666ea2
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/linuxnfs.spm
>           7a006bcc0a8132e8a35e43c087edd493
>
>       SuSE-6.1 (package name is linuxnfs!):
>         ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/linuxnfs.rpm
>           e4ae4db716613a94d7f5a2acc5f4ee05
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/linuxnfs.spm
>           879318dd2985fc29d879691044ccc982
>
>     AXP Alpha Platform:
>       SuSE-6.4 (package name is knfsd!):
>         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/knfsd.rpm
>           6596ee4207f3f03b570a872af714a263
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/knfsd.spm
>           14d8c202a1d136e7d88ae02e428925a1
>       SuSE-6.3 (package name is knfsd!):
>         ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/knfsd.rpm
>           728896064200e3fe2e303eba3246a295
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/knfsd.spm
>           6e755c651af95c4f8fd05138a373e8f3
>       SuSE-6.1 (package name is linuxnfs!):
>         ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/linuxnfs.rpm
>           589a11bd867608cb00c93f4b91ba6dce
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/linuxnfs.spm
>           8196c617e9585a4906407bf666055508
>
>     PPC Power PC Platform:
>       SuSE-6.4 (package name is knfsd!):
>         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/knfsd.rpm
>           52d64f1104530dac74ab03c508aa2ff4
>       source rpm:
>         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/knfsd.spm
>           5cdff95c21484fe01552a0ed80252adc
>
> ______________________________________________________________________________
>
> 2)  Pending vulnerabilities in SuSE Distributions and Workarounds
>
>     This section addresses currently known vulnerabilities in Linux/Unix
>     systems that have not been resolved up to the release date of this
>     advisory.
>
>     - Netscape, versions from 3.0 to 4.73:
>
>       The latest version of Netscape is currently being tested. SuSE
>       Netscape rpms contain efficient workarounds against some "morbid"
>       properties of Netscape in order to provide stable packages.
>       These additions are being reworked right now.
>       Also, cryptographical software export regulations require us to
>       wait for the permission to redistribute the netscape package from
>       our US-American ftp server.
>       There are currently two known vulnerabilities in Netscape versions
>       from 3.0 to 4.73:
>         a) a buffer overflow in the jpeg image handling code
>         b) a security flaw in Netscape's Java implementation
>       a) has been fixed in Netscape version 4.74. Updated packages
>       from SuSE will follow soon.
>       Temporary fix/workaround:
>         problem a) Turn off automatic image loading and do not
>                    click on images to trigger the download.
>         problem b) Turn off Java and JavaScript.
>
>
>     - suidperl
>
>       The /usr/bin/suidperl perl interpreter in the SuSE Distributions
>       has file permissions 755 by default. If the admin of a SuSE Linux
>       system did not change the permission modes and/or the respective
>       entry in /etc/permissions*, the SuSE Linux system is not vulnerable
>       to the attack as published on bugtraq.
>       An advisory announcing updated suidperl packages follows this
>       announcement on the way to the mailing lists. Further details will
>       be discussed therein.
>       Temporary fix/workaround:
>         chmod -s /usr/bin/suidperl # this is the default.
>
>
> ______________________________________________________________________________
>
> 3)  standard appendix:
>
>     SuSE runs two security mailing lists to which any interested party may
>     subscribe:
>
>     [EMAIL PROTECTED]
>         - general/linux/SuSE security discussion.
>           All SuSE security announcements are sent to this list.
>           To subscribe, send an email to
>               <[EMAIL PROTECTED]>.
>
>     [EMAIL PROTECTED]
>         - SuSE's announce-only mailing list.
>           Only SuSE's security announcements are sent to this list.
>           To subscribe, send an email to
>               <[EMAIL PROTECTED]>.
>
>     For general information or the frequently asked questions (faq)
>     send mail to:
>         <[EMAIL PROTECTED]> or
>         <[EMAIL PROTECTED]> respectively.
>
>     ===============================================
>     SuSE's security contact is <[EMAIL PROTECTED]>.
>     ===============================================
>
>
> Regards,
> Roman Drahtmüller.
> - --
>  - -
> | Roman Drahtmüller <[EMAIL PROTECTED]> // "Caution: Cape does |
>   SuSE GmbH - Security Phone: // not enable user to fly."
> | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
>  - -
> ______________________________________________________________________________
>
>     The information in this advisory may be distributed or reproduced,
>     provided that the advisory is not modified in any way.
>     SuSE GmbH makes no warranties of any kind whatsoever with respect
>     to the information contained in this security advisory.
>
>
> Type Bits/KeyID    Date       User ID
> pub  2048/3D25D3D9 1999/03/06 SuSE Security Team <[EMAIL PROTECTED]>
>
> ----- End forwarded message -----
