bugzilla@redhat.com
2000-May-31 08:11 UTC
[RHSA-2000:005-05] New majordomo packages available
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: New majordomo packages available
Advisory ID: RHSA-2000:005-05
Issue date: 2000-01-20
Updated on: 2000-05-31
Product: Red Hat Powertools
Keywords: majordomo
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
New majordomo packages are available to fix local security problems in
majordomo.
2. Relevant releases/architectures:
Red Hat Powertools 6.1 - i386 alpha sparc
3. Problem description:
A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will
allow execution of arbitrary commands with elevated privileges.
It is recommended that all users of Red Hat Linux using the majordomo package
upgrade to the fixed package, which will resolve the vulnerability in
/usr/lib/majordomo/resend. To secure /usr/lib/majodomo/wrapper, please read the
solution section below.
Once an official patch has been released by the majordomo maintainers, we will
release an updated package which will fix both vulnerabilities.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Once the package is installed, become "root" and execute this command:
chmod o-x /usr/lib/majordomo/wrapper
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. RPMs required:
Red Hat Powertools 6.1:
intel:
ftp://ftp.redhat.com/redhat/updates/powertools/6.1/i386/majordomo-1.94.5-2.i386.rpm
alpha:
ftp://ftp.redhat.com/redhat/updates/powertools/6.1/alpha/majordomo-1.94.5-2.alpha.rpm
sparc:
ftp://ftp.redhat.com/redhat/updates/powertools/6.1/sparc/majordomo-1.94.5-2.sparc.rpm
sources:
ftp://ftp.redhat.com/redhat/updates/powertools/6.1/SRPMS/majordomo-1.94.5-2.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
ad994a1742d90a593b8ecfbf52634cd7 6.1/SRPMS/majordomo-1.94.5-2.src.rpm
8c829a13c2229060c899ffdc7e7db38c 6.1/alpha/majordomo-1.94.5-2.alpha.rpm
f0e22f364abcbe4c217f2b8eb180037d 6.1/i386/majordomo-1.94.5-2.i386.rpm
89e327c6c92acc97db34e541f34c0c67 6.1/sparc/majordomo-1.94.5-2.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in
resend, to Shevek at shevek@anarres.org and Olaf Kirch at okir@monad.swb.de for
noting the vulnerability in the wrapper.
Robert E. Wijnberg
2000-May-31 16:01 UTC
Re: [RHSA-2000:005-05] New majordomo packages available
Please fix this link into : intel: ftp://ftp.redhat.com/pub/redhat/updates/powertools/6.1/i386/majordomo-1.94.5-2.i386.rpm alpha: ftp://ftp.redhat.com/pub/redhat/updates/powertools/6.1/alpha/majordomo-1.94.5-2.alpha.rpm sparc: ftp://ftp.redhat.com/pub/redhat/updates/powertools/6.1/sparc/majordomo-1.94.5-2.sparc.rpm sources: ftp://ftp.redhat.com/pub/redhat/updates/powertools/6.1/SRPMS/majordomo-1.94.5-2.src.rpm bugzilla@redhat.com wrote:> > --------------------------------------------------------------------- > Red Hat, Inc. Security Advisory > > Synopsis: New majordomo packages available > Advisory ID: RHSA-2000:005-05 > Issue date: 2000-01-20 > Updated on: 2000-05-31 > Product: Red Hat Powertools > Keywords: majordomo > Cross references: N/A > --------------------------------------------------------------------- > > 1. Topic: > > New majordomo packages are available to fix local security problems in majordomo. > > 2. Relevant releases/architectures: > > Red Hat Powertools 6.1 - i386 alpha sparc > > 3. Problem description: > > A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges. > > It is recommended that all users of Red Hat Linux using the majordomo package upgrade to the fixed package, which will resolve the vulnerability in /usr/lib/majordomo/resend. To secure /usr/lib/majodomo/wrapper, please read the solution section below. > > Once an official patch has been released by the majordomo maintainers, we will release an updated package which will fix both vulnerabilities. > > 4. Solution: > > For each RPM for your particular architecture, run: > > rpm -Fvh [filename] > > where filename is the name of the RPM. > > Once the package is installed, become "root" and execute this command: > > chmod o-x /usr/lib/majordomo/wrapper > > 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): > > N/A > > 6. RPMs required: > > Red Hat Powertools 6.1: > > intel: > ftp://ftp.redhat.com/redhat/updates/powertools/6.1/i386/majordomo-1.94.5-2.i386.rpm > > alpha: > ftp://ftp.redhat.com/redhat/updates/powertools/6.1/alpha/majordomo-1.94.5-2.alpha.rpm > > sparc: > ftp://ftp.redhat.com/redhat/updates/powertools/6.1/sparc/majordomo-1.94.5-2.sparc.rpm > > sources: > ftp://ftp.redhat.com/redhat/updates/powertools/6.1/SRPMS/majordomo-1.94.5-2.src.rpm > > 7. Verification: > > MD5 sum Package Name > -------------------------------------------------------------------------- > ad994a1742d90a593b8ecfbf52634cd7 6.1/SRPMS/majordomo-1.94.5-2.src.rpm > 8c829a13c2229060c899ffdc7e7db38c 6.1/alpha/majordomo-1.94.5-2.alpha.rpm > f0e22f364abcbe4c217f2b8eb180037d 6.1/i386/majordomo-1.94.5-2.i386.rpm > 89e327c6c92acc97db34e541f34c0c67 6.1/sparc/majordomo-1.94.5-2.sparc.rpm > > These packages are GPG signed by Red Hat, Inc. for security. Our key > is available at: > http://www.redhat.com/corp/contact.html > > You can verify each package with the following command: > rpm --checksig <filename> > > If you only wish to verify that each package has not been corrupted or > tampered with, examine only the md5sum with the following command: > rpm --checksig --nogpg <filename> > > 8. References: > > Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in resend, to Shevek at shevek@anarres.org and Olaf Kirch at okir@monad.swb.de for noting the vulnerability in the wrapper. > > -- > To unsubscribe: mail redhat-watch-list-request@redhat.com with > "unsubscribe" as the Subject. > > -- > To unsubscribe: > mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null-- \\\/// / _ _ \ (| (.)(.) |) -------------------------.OOOo--()--oOOO.------------------------- pub 768/FE7D0209 1998/06/26 Robert E.Wijnberg <rob@wijnberg.net> Key fingerprint = AA 01 89 69 C0 D1 54 1A EB 36 45 73 A3 12 F4 9A ------------------------------------------------------------------ From mail@mail.redhat.com Jun 11:04:35 2000 -0400 Received: (qmail 16714 invoked from network); 7 Jun 2000 15:04:37 -0000 Received: from mail.redhat.com (199.183.24.239) by lists.redhat.com with SMTP; 7 Jun 2000 15:04:37 -0000 Received: from lacrosse.corp.redhat.com (lacrosse.corp.redhat.com [207.175.42.154]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id LAA10113; Wed, 7 Jun 2000 11:04:35 -0400 Received: from localhost (porkchop.redhat.com [207.175.42.68]) by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id LAA10284; Wed, 7 Jun 2000 11:04:33 -0400 Message-Id: <200006071504.LAA10284@lacrosse.corp.redhat.com> Subject: [RHSA-2000:032-02] kdelibs vulnerability for suid-root KDE applications Content-transfer-encoding: 8bit Approved: ewt@redhat.com To: redhat-watch-list@redhat.com From: bugzilla@redhat.com Cc: linux-security@redhat.com Content-type: text/plain; charset="iso-8859-1" Mime-version: 1.0 Date: Wed, 7 Jun 2000 11:04 -0400 --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: kdelibs vulnerability for suid-root KDE applications Advisory ID: RHSA-2000:032-02 Issue date: 2000-06-07 Updated on: 2000-06-07 Product: Red Hat Powertools Keywords: N/A Cross references: N/A --------------------------------------------------------------------- 1. Topic: In kdelibs 1.1.2 there are security issues for some applications when they are run suid root. 2. Relevant releases/architectures: Red Hat Powertools 6.0 - i386 Red Hat Powertools 6.1 - i386 Red Hat Powertools 6.2 - i386 3. Problem description: In kdelibs 1.1.2, there are security issues with the way some applications perform when they are run suid root. The only application vulnerable is kwintv from Powertools. With our PAM configuration, the suid bit for kwintv is not necessary. 4. Solution: For each RPM for your particular architecture, run: rpm -Uvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): N/A 6. RPMs required: Red Hat Powertools 6.2: intel: ftp://ftp.redhat.com/redhat/updates/powertools/6.2/i386/kwintv-0.7.5-2.i386.rpm sources: ftp://ftp.redhat.com/redhat/updates/powertools/6.2/SRPMS/kwintv-0.7.5-2.src.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3757f47ebfcec111e6a63167873653ee 6.2/SRPMS/kwintv-0.7.5-2.src.rpm 72e10bb7dfb96a7c655a7f3db79d47a1 6.2/i386/kwintv-0.7.5-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A From mail@mail.redhat.com Thu Jun 8 09:51:58 2000 Received: (qmail 2138 invoked from network); 8 Jun 2000 13:52:06 -0000 Received: from mail.redhat.com (199.183.24.239) by lists.redhat.com with SMTP; 8 Jun 2000 13:52:06 -0000 Received: from rosie.bitwizard.nl (13dyn8.delft.casema.net [212.64.76.8]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id JAA18267 for <linux-security@redhat.com>; Thu, 8 Jun 2000 09:51:58 -0400 Received: from cave.bitwizard.nl (root@cave.bitwizard.nl [192.168.234.1]) by rosie.bitwizard.nl (8.8.8/8.8.8) with ESMTP id PAA08454 for <linux-security@redhat.com>; Thu, 8 Jun 2000 15:51:55 +0200 Received: (from wolff@localhost) by cave.bitwizard.nl (8.9.3/8.9.3) id PAA30855 for linux-security@redhat.com; Thu, 8 Jun 2000 15:51:55 +0200 Approved: R.E.Wolff@BitWizard.nl Received: (qmail 25073 invoked by alias); 6 Jun 2000 18:43:11 -0000 Received: (qmail 25070 invoked from network); 6 Jun 2000 18:43:11 -0000 Received: from lists.redhat.com (199.183.24.247) by www.bitwizard.nl with SMTP; 6 Jun 2000 18:43:11 -0000 Received: (qmail 5562 invoked by uid 501); 6 Jun 2000 18:43:09 -0000 Received: (qmail 16648 invoked from network); 6 Jun 2000 18:28:46 -0000 Received: from mail.redhat.com (199.183.24.239) by lists.redhat.com with SMTP; 6 Jun 2000 18:28:46 -0000 Received: from ns.lst.de (ns.lst.de [194.231.72.1]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id OAA19350 for <linux-security@redhat.com>; Tue, 6 Jun 2000 14:28:44 -0400 Received: (from mm@localhost) by ns.lst.de (8.9.3/8.9.3) id UAA06107 for linux-security@redhat.com; Tue, 6 Jun 2000 20:28:12 +0200 Date: Tue, 6 Jun 2000 20:28:12 +0200 From: Caldera Systems Security <security@calderasystems.com> To: linux-security@redhat.com Subject: [CSSA-2000-015-0] Caldera Security Advisory: KDE suid root applications Message-ID: <20000606202812.A6102@ns.lst.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: kdelibs vulnerability for setuid KDE applications Advisory number: CSSA-2000-015.0 Issue date: 2000 June, 02 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a very serious vulnerability in the way KDE starts applications that allows local users to take over any file in the system by exploiting setuid root KDE application. The only vulnerable application shipped with OpenLinux is kISDN, but third party software might be vulnerable too. There is currently no fix available. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 no vulnerable packages included OpenLinux eServer 2.3 no vulnerable packages included and OpenLinux eBuilder OpenLinux eDesktop 2.4 kISDN 3. Solution Workaround: If you do not need kISDN, deinstall it by issuing as root: rpm -e kisdn If you need kISDN on a multiuser workstation: Disable the suid-root sbit by doing as root: chmod u-s /opt/kde/bin/kisdn You can still use kisdn by issuing in a terminal window: $ su -p Password: <your root password> # kisdn & Also check your system for any other KDE application you have installed from third party sources and remove their suid bits as shown above. 4. OpenLinux Desktop 2.3 no vulnerable packages included, but third party KDE applications might be vulnerable. 5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0 no vulnerable packages included, but third party KDE applications might be vulnerable. 6. OpenLinux eDesktop 2.4 See the workaround above. 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix refers to Caldera's internal Problem Report 6806. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 9. Acknowledgements Caldera Systems wishes to thank Sebastian "Stealth" Krahmer for discovering and reporting the bug. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5N5b+18sy83A/qfwRAmDfAKC8gAzQiJJc1sDCwM8IqYFFujR7JgCeO65q kqD9K+pF1E5f0CtXg/e2bnk=kzOd -----END PGP SIGNATURE-----