>Their is a buffer overrun in /bin/login which has the potential to
>allow any user of your system to gain root access. util-linux-2.5-29
>contains a fix for this and is available for Red Hat Linux 4.0 on
>all four platforms. We strongly recommend that all of Red Hat 4.0
>usres apply this fix.
Does this bug affect the ''login'' that is distributed
with shadow password suite (960129 is my version)?
Could someone explain the problem, and how to fix it if so.
-jjr
[Mod: Please refere to message posted to linux-security on Mon, 23 Dec 1996
under subject ''Buffer overflow in Linux''s login
program'' -- alex]
From mail@mail.redhat.com mail2.redhat.com dutecai.et.tudelft.nl by
(8.6.10/1.34JP)
Received: (qmail 3750 invoked from network); 17 Jan 1997 07:08:37 -0000
Received: from rosie.et.tudelft.nl (130.161.127.248)
by mail2.redhat.com with SMTP; 17 Jan 1997 07:08:36 -0000
Received: from cave.et.tudelft.nl (cave.et.tudelft.nl [130.161.127.241]) by
rosie.et.tudelft.nl (8.7.4/8.7.3) with ESMTP id RAA26124 for
<linux-security@redhat.com>; Thu, 16 Jan 1997 17:32:16 +0100
Received: (from wolff@localhost) by cave.et.tudelft.nl (8.7.6/8.7.3) id RAA03885
for linux-security@redhat.com; Thu, 16 Jan 1997 17:43:20 +0100
Received: from mail2.redhat.com by dutecai.et.tudelft.nl (8.6.10/1.34JP)
id PAA17921; Thu, 16 Jan 1997 15:38:28 +0100
Received: (qmail 11544 invoked by uid 501); 16 Jan 1997 14:23:31 -0000
Received: (qmail 11431 invoked from network); 16 Jan 1997 14:22:55 -0000
Received: from vse.vse.cz (146.102.16.2)
by mail2.redhat.com with SMTP; 16 Jan 1997 14:17:57 -0000
Received: from manes.vse.cz by vse.vse.cz with SMTP id AA04002
(5.67a8/IDA-1.5 for <linux-security@redhat.com>); Thu, 16 Jan 1997
15:17:35 +0100
Received: from localhost by manes.vse.cz with SMTP id AA01262
(5.67a8/IDA-1.5 for linux-security@redhat.com); Thu, 16 Jan 1997 15:17:33
+0100
Date: Thu, 16 Jan 1997 15:17:32 +0100 (MET)
From: Hynek Med <xmedh02@manes.vse.cz>
Approved: R.E.Wolff@BitWizard.nl
To: linux-security@redhat.com
Subject: Re: [linux-security] BoS: hmm..seen this one?
Message-Id: <Pine.ULT.3.95.970116151337.28235G-100000@manes.vse.cz>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Charset: ASCII
X-Char-Esc: 29
> Intel:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm
>
> Alpha:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm
>
> SPARC:
> rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm
>
> All of these packages have been signed with Red Hat''s PGP key.
But when you do this, don''t forget to upgrade your pam to pam-0.50-22,
otherwise you run into problems - you won''t be able to login (thank God
ssh worked). I think util-linux should have this dependence on
pam-0.50-22 or higher..
Hynek
--
Hynek Med, xmedh02@manes.vse.cz
From mail@mail.redhat.com mail2.redhat.com dutecai.et.tudelft.nl by
(8.6.10/1.34JP)
Received: (qmail 5910 invoked from network); 17 Jan 1997 11:54:34 -0000
Received: from rosie.et.tudelft.nl (130.161.127.248)
by mail2.redhat.com with SMTP; 17 Jan 1997 11:54:31 -0000
Received: from cave.et.tudelft.nl (cave.et.tudelft.nl [130.161.127.241]) by
rosie.et.tudelft.nl (8.7.4/8.7.3) with ESMTP id LAA28791 for
<linux-security@redhat.com>; Fri, 17 Jan 1997 11:18:41 +0100
Received: (from wolff@localhost) by cave.et.tudelft.nl (8.7.6/8.7.3) id LAA01459
for linux-security@redhat.com; Fri, 17 Jan 1997 11:30:15 +0100
Received: from mail2.redhat.com by dutecai.et.tudelft.nl (8.6.10/1.34JP)
id UAA25013; Thu, 16 Jan 1997 20:52:26 +0100
Received: (qmail 612 invoked by uid 501); 16 Jan 1997 19:48:43 -0000
Received: (qmail 564 invoked from network); 16 Jan 1997 19:48:40 -0000
Received: from dhp.com (@199.245.105.1)
by mail2.redhat.com with SMTP; 16 Jan 1997 19:48:39 -0000
Received: from dhp.com (dhp.com [199.245.105.1]) by dhp.com (8.8.4/8.6.12) with
SMTP id OAA18650; Thu, 16 Jan 1997 14:48:14 -0500
Date: Thu, 16 Jan 1997 14:48:13 -0500 (EST)
From: Matt <panzer@dhp.com>
Approved: R.E.Wolff@BitWizard.nl
To: Christopher Hicks <chicks@chicks.net>
cc: linux-security@redhat.com
Subject: Re: [linux-security] Re: logwatching
In-Reply-To: <Pine.LNX.3.94.970116124053.13190B-100000@yakko.chicks.net>
Message-ID: <Pine.LNX.3.95.970116144453.18239A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 16 Jan 1997, Christopher Hicks wrote:> What''s wrong with swatch 2.2?
2.2 changed how it handled signals, in such a way as to not work on linux.
-Matt (panzer@dhp.com) -- DataHaven Project - http://www.dhp.com/
"That which can never be enforced should not be prohibited."
