[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
(fwd) [RHSA-2000:100-02] Setuid bits are removed on dump to prevent exploit
[Ewww, this is a bad one! Please follow the recommendations of this
advisory, otherwise local users will be able to get root on your
system (it took me ~15 seconds). I don't know if distributions other
than RedHat are vulnerable, will keep you posted -- Raju]
This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Return-Path: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
Approved-By: aleph1@xxxxxxxxxxxxxxxxx
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
Mime-version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Message-ID: <200011021506.eA2F6NM01919@xxxxxxxxxxxxxxxxxxx>
Reply-To: bugzilla@xxxxxxxxxx
X-To: redhat-watch-list@xxxxxxxxxx
X-cc: security-alert@xxxxxxxxxxxxxxxxx, linux-security@xxxxxxxxxx
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by biznetindia.com id eA2HWtg14442
From: bugzilla@xxxxxxxxxx
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: [RHSA-2000:100-02] Setuid bits are removed on dump to prevent
exploit
Date: Thu, 2 Nov 2000 10:06:00 -0500
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Setuid bits are removed on dump to prevent exploit
Advisory ID: RHSA-2000:100-02
Issue date: 2000-11-01
Updated on: 2000-11-02
Product: Red Hat Linux
Keywords: setuid dump root exploit
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
The Red Hat 7.0 dump is being released for Red Hat 6.x and Red Hat 5.x
in order to remove root setuid bits to prevent a known dump
exploit (#20111).
The new dump packages also include a fix for a buffer overflow (#9899)
2. Relevant releases/architectures:
Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
3. Problem description:
Dump can be used to gain root access.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
9899 - Linux dump buffer overflow
20111 - RH6.2 dump SUID exploit (via RSH env. var)
6. RPMs required:
Red Hat Linux 5.2:
alpha:
ftp://updates.redhat.com/5.2/alpha/dump-0.4b19-5.5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/dump-static-0.4b19-5.5x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/rmt-0.4b19-5.5x.alpha.rpm
sparc:
ftp://updates.redhat.com/5.2/sparc/dump-0.4b19-5.5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/dump-static-0.4b19-5.5x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/rmt-0.4b19-5.5x.sparc.rpm
i386:
ftp://updates.redhat.com/5.2/i386/dump-0.4b19-5.5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/dump-static-0.4b19-5.5x.i386.rpm
ftp://updates.redhat.com/5.2/i386/rmt-0.4b19-5.5x.i386.rpm
sources:
ftp://updates.redhat.com/5.2/SRPMS/dump-0.4b19-5.5x.src.rpm
Red Hat Linux 6.2:
alpha:
ftp://updates.redhat.com/6.2/alpha/dump-0.4b19-5.6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/dump-static-0.4b19-5.6x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/rmt-0.4b19-5.6x.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/dump-0.4b19-5.6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/dump-static-0.4b19-5.6x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/rmt-0.4b19-5.6x.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/dump-0.4b19-5.6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/dump-static-0.4b19-5.6x.i386.rpm
ftp://updates.redhat.com/6.2/i386/rmt-0.4b19-5.6x.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/dump-0.4b19-5.6x.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
710a477813de5924b5aaca8ded33c3b2 5.2/SRPMS/dump-0.4b19-5.5x.src.rpm
496fcf5455218b085ee987c5148cb218 5.2/alpha/dump-0.4b19-5.5x.alpha.rpm
c8bec9ba7d4e8eb4bed2de555c6261a8 5.2/alpha/dump-static-0.4b19-5.5x.alpha.rpm
17b1956371260c4c7c86aa7e7098b70a 5.2/alpha/rmt-0.4b19-5.5x.alpha.rpm
3d7179c1541163652d42a0f3eba402c2 5.2/i386/dump-0.4b19-5.5x.i386.rpm
6ab9db49bf706b7228d952d7dffafd6a 5.2/i386/dump-static-0.4b19-5.5x.i386.rpm
3ca02060c0d8c5b2bfab68c9154ca65e 5.2/i386/rmt-0.4b19-5.5x.i386.rpm
80d7226a19922ddbb921c7cc619d68df 5.2/sparc/dump-0.4b19-5.5x.sparc.rpm
aedd02e6ebfc7703713ec34930b5cfd5 5.2/sparc/dump-static-0.4b19-5.5x.sparc.rpm
aaeaf1e04013e62e311f5fb7ccf4b6df 5.2/sparc/rmt-0.4b19-5.5x.sparc.rpm
48225b01757f79eecd50e20cc3746017 6.2/SRPMS/dump-0.4b19-5.6x.src.rpm
339d7bdc63a154a08ac05b2d59be299f 6.2/alpha/dump-0.4b19-5.6x.alpha.rpm
aa4eb8d7e446cdbaf10cec1d6beb2ea8 6.2/alpha/dump-static-0.4b19-5.6x.alpha.rpm
d70e961e5ce712df4b671fe7fa53cf0f 6.2/alpha/rmt-0.4b19-5.6x.alpha.rpm
62d35595f6b11c7a478d2f3608ebb8b3 6.2/i386/dump-0.4b19-5.6x.i386.rpm
86a7cd33b8c870f01a4fe3fc500a6af1 6.2/i386/dump-static-0.4b19-5.6x.i386.rpm
6f1831d60345791448f94f7e8276a47e 6.2/i386/rmt-0.4b19-5.6x.i386.rpm
f907fe91725a340c07f44d381eb4da70 6.2/sparc/dump-0.4b19-5.6x.sparc.rpm
daaf188d21fdfe8141f4e0dcfc8fa51e 6.2/sparc/dump-static-0.4b19-5.6x.sparc.rpm
930c7a447f5c197a73e619789a8ae18a 6.2/sparc/rmt-0.4b19-5.6x.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
N/A
Copyright(c) 2000 Red Hat, Inc.
------------------------------
End of this Digest
******************