Bill Nottingham
1999-Oct-21 03:49 UTC
[RHSA-1999:042-01] screen defaults to not using Unix98 ptys
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          screen defaults to not using Unix98 ptys
Advisory ID:       RHSA-1999:042-01
Issue date:        1999-10-20
Updated on:
Keywords:
Cross references:  screen unix98 pty permissions
---------------------------------------------------------------------

1. Topic:

Screen uses ptys with world read/write permissions.

2. Problem description:

The version of screen that shipped with Red Hat Linux 6.1
defaulted to not using Unix98 ptys. Since screen is not setuid
root, this means that it leaves the ptys with insecure permissions.
The updated packages restore the Unix98 pty support.

Thanks go to Chris Evans for noting this vulnerability.

Previous versions of Red Hat Linux are not affected by this
problem.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

6100

4. Relevant releases/architectures:

Red Hat Linux 6.1, Intel

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 6.1:

Intel:
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/screen-3.9.4-3.i386.rpm

Source package:
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/screen-3.9.4-3.src.rpm

8. Solution:

For each RPM for your particular architecture, run:

    rpm -Uvh 'filename'

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
2e5ada61d3d06408bae76bf581d2bf69  screen-3.9.4-3.i386.rpm
09277e5b10b709ac2d974b952cb29e9b  screen-3.9.4-3.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig 'filename'

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg 'filename'

10. References:


From: Cristian Gafton <gafton@redhat.com>
To: redhat-watch-list@redhat.com
Subject: SECURITY: [RHSA-1999:043] New wu-ftpd packages available
Date: Thu, 21 Oct 1999 17:24:17 -0400 (EDT)

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Security problems in WU-FTPD
Advisory ID:       RHSA-1999:043-01
Issue date:        1999-10-21
Updated on:
Keywords:          wu-ftp security remote exploit
Cross references:
---------------------------------------------------------------------

1. Topic:

Various computer security groups have reported security problems in the
WU-FTPD daemon, the FTP server shipped with all versions of Red Hat
Linux.

2. Problem description:

Three vulnerabilities have been identified in WU-FTPD and other ftp
daemons based on the WU-FTPD source code.

Vulnerability #1: MAPPING_CHDIR Buffer Overflow
Vulnerability #2: Message File Buffer Overflow

Remote and local intruders may be able to exploit these vulnerabilities
to execute arbitrary code as the user running the ftpd daemon, usually
root.

Vulnerability #3: SITE NEWER Consumes Memory

Remote and local intruders who can connect to the FTP server can cause
the server to consume excessive amounts of memory, preventing normal
system operation. If intruders can create files on the system, they may
be able to exploit this vulnerability to execute arbitrary code as the
user running the ftpd daemon, usually root.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

N/A

4. Relevant releases/architectures:

Red Hat Linux 4.2 for i386, alpha and sparc
Red Hat Linux 5.2 for i386, alpha and sparc
Red Hat Linux 6.x for i386, alpha and sparc

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 4.2
-----------------

Intel:
  ftp://updates.redhat.com//4.2/i386/wu-ftpd-2.6.0-0.4.2.i386.rpm

Alpha:
  ftp://updates.redhat.com//4.2/alpha/wu-ftpd-2.6.0-0.4.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com//4.2/sparc/wu-ftpd-2.6.0-0.4.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com//4.2/SRPMS/wu-ftpd-2.6.0-0.4.2.src.rpm

Red Hat Linux 5.2
-----------------

Intel:
  ftp://updates.redhat.com//5.2/i386/wu-ftpd-2.6.0-0.5.x.i386.rpm

Alpha:
  ftp://updates.redhat.com//5.2/alpha/wu-ftpd-2.6.0-0.5.x.alpha.rpm

Sparc:
  ftp://updates.redhat.com//5.2/sparc/wu-ftpd-2.6.0-0.5.x.sparc.rpm

Source packages:
  ftp://updates.redhat.com//5.2/SRPMS/wu-ftpd-2.6.0-0.5.x.src.rpm

Red Hat Linux 6.x
-----------------

Intel:
  ftp://updates.redhat.com//6.0/i386/wu-ftpd-2.6.0-1.i386.rpm

Alpha:
  ftp://updates.redhat.com//6.0/alpha/wu-ftpd-2.6.0-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com//6.0/sparc/wu-ftpd-2.6.0-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com//6.0/SRPMS/wu-ftpd-2.6.0-1.src.rpm

8. Solution:

For each RPM for your particular architecture, run:

    rpm -Uvh <filename>

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
c6e1e63399ce8497b6ff7c9945954690  i386/wu-ftpd-2.6.0-0.4.2.i386.rpm
05c278b6507fbac44443a8be434adeed  alpha/wu-ftpd-2.6.0-0.4.2.alpha.rpm
0ecd4ff150450607ce4b69982419ef07  sparc/wu-ftpd-2.6.0-0.4.2.sparc.rpm
acb4144d477075480fd89112112658a9  SRPMS/wu-ftpd-2.6.0-0.4.2.src.rpm
13349a3192515d85c06dc873344a10bd  i386/wu-ftpd-2.6.0-0.5.x.i386.rpm
c6e97b13e6924d96f40cf4da8e8d217b  alpha/wu-ftpd-2.6.0-0.5.x.alpha.rpm
35a32345c364e216e7437b1485c95160  sparc/wu-ftpd-2.6.0-0.5.x.sparc.rpm
b9bdb8ca91e296e07344e1c1915078dd  SRPMS/wu-ftpd-2.6.0-0.5.x.src.rpm
dcd5d04df11849007aa3c4fb398cfbfb  i386/wu-ftpd-2.6.0-1.i386.rpm
a0b3a1a0dcfbdfd1443d0aecd960e907  alpha/wu-ftpd-2.6.0-1.alpha.rpm
7511f1f96b3044207cbe11d34f75ff7a  sparc/wu-ftpd-2.6.0-1.sparc.rpm
7e30ea42e82908752b943621580f6f1c  SRPMS/wu-ftpd-2.6.0-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

10. References:

CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD
  http://www.cert.org

AUSCERT Advisory AA-1999.01
  ftp://www.auscert.org.au/security/advisory/AA-1999.01.wu-ftpd.mapping_chdir.vul

AUSCERT Advisory AA-1999.02
  ftp://www.auscert.org.au/security/advisory/AA-1999.02.multi.wu-ftpd.vuls

Cristian
--
----------------------------------------------------------------------
Cristian Gafton    --   gafton@redhat.com   --   Red Hat, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"How could this be a problem in a country where we have Intel and
Microsoft?" --Al Gore on Y2K
Schmitz, Kelly
1999-Oct-21 20:56 UTC
Re: [RHSA-1999:042-01] screen defaults to not using Unix98 ptys
From: Bill Nottingham <notting@redhat.com>
To: redhat-watch-list@redhat.com
Cc: linux-security@redhat.com, bugtraq@securityfocus.com
Subject: [RHSA-1999:042-01] screen defaults to not using Unix98 ptys
Date: Wed, 20 Oct 1999 23:49:28 -0400

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          screen defaults to not using Unix98 ptys
Advisory ID:       RHSA-1999:042-01
Issue date:        1999-10-20
Updated on:
Keywords:
Cross references:  screen unix98 pty permissions
---------------------------------------------------------------------

1. Topic:

Screen uses ptys with world read/write permissions.

2. Problem description:

The version of screen that shipped with Red Hat Linux 6.1
defaulted to not using Unix98 ptys. Since screen is not setuid
root, this means that it leaves the ptys with insecure permissions.
The updated packages restore the Unix98 pty support.

Thanks go to Chris Evans for noting this vulnerability.

Previous versions of Red Hat Linux are not affected by this
problem.

3. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

6100

4. Relevant releases/architectures:

Red Hat Linux 6.1, Intel

5. Obsoleted by:

6. Conflicts with:

7. RPMs required:

Red Hat Linux 6.1:

Intel:
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/screen-3.9.4-3.i386.rpm

Source package:
  ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/screen-3.9.4-3.src.rpm

8. Solution:

For each RPM for your particular architecture, run:

    rpm -Uvh 'filename'

where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
2e5ada61d3d06408bae76bf581d2bf69  screen-3.9.4-3.i386.rpm
09277e5b10b709ac2d974b952cb29e9b  screen-3.9.4-3.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig 'filename'

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg 'filename'

10. References:
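
The permission difference behind RHSA-1999:042-01, as an added example that is not part of the advisory or of screen's source: on Linux, opening /dev/ptmx makes the kernel create a /dev/pts/N slave owned by the calling user, so an unprivileged program gets a terminal it owns, whereas legacy pty device nodes are static files that a program without root cannot chown or chmod. The function names are hypothetical, the code is Linux-only (it uses the TIOCGPTN ioctl), and the 0666 mode in main() is a constructed stand-in for the world read/write case the advisory describes.

```c
/* Added example (not from the advisory): inspect a Unix98 pty slave on Linux. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if users outside the owner and group can read or write the device. */
int mode_world_accessible(mode_t mode)
{
    return (mode & (S_IROTH | S_IWOTH)) != 0;
}

/* Allocate a Unix98 pty through /dev/ptmx and stat the slave node.
 * Returns 0 if the slave is owned by the caller and not world-accessible,
 * 1 if it is exposed, -1 if no Unix98 pty could be allocated here. */
int check_unix98_slave(char *path, size_t len, mode_t *mode_out)
{
    unsigned int n;
    struct stat st;
    int result = -1;
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);

    if (master < 0)
        return -1;
    /* TIOCGPTN reports the index N of the slave created for this master. */
    if (ioctl(master, TIOCGPTN, &n) == 0) {
        snprintf(path, len, "/dev/pts/%u", n);
        if (stat(path, &st) == 0) {
            *mode_out = st.st_mode & 07777;
            result = (st.st_uid != getuid() ||
                      mode_world_accessible(st.st_mode)) ? 1 : 0;
        }
    }
    close(master);   /* the slave node disappears with the master */
    return result;
}

int main(void)
{
    char path[64];
    mode_t mode = 0;
    int r = check_unix98_slave(path, sizeof path, &mode);

    if (r < 0)
        puts("no Unix98 pty support here (/dev/ptmx or devpts missing)");
    else
        printf("%s mode %04o: %s\n", path, (unsigned)mode,
               r ? "EXPOSED" : "private to owner/group");
    /* Constructed comparison: a static pty node left at mode 0666. */
    printf("mode 0666: %s\n", mode_world_accessible(0666) ? "EXPOSED" : "ok");
    return r < 0 ? 2 : r;
}
```

The slave's exact mode comes from the devpts mount options, so the value printed varies between systems; the check only cares whether the "other" read or write bits are set.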