linux security - Jun 2000 - Warning regarding new kernel RPMs

The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you:

    4. Solution:

    For each RPM for your particular architecture, run:

    rpm -Fvh [filename]

    where filename is the name of the RPM.

These instructions are incomplete and may result in a system that
is unbootable.

After updating the RPM files, you should also:

	(1) run mkinitrd to create a new initial ramdisk image
		[this step may not be necessary on some systems]

	(2) update your lilo.conf file

	(3) run /sbin/lilo

[mod: Aren't these steps in the post-install script of the kernel RPM? 
(On the other hand, I wouldn't want a script touching MY lilo.conf...) 
-- REW]


From mail@mail.redhat.com Jun 18:29:52 2000  -0400
Received: (qmail 29303 invoked from network); 23 Jun 2000 22:29:53 -0000
Received: from mail.redhat.com (199.183.24.239)
  by lists.redhat.com with SMTP; 23 Jun 2000 22:29:53 -0000
Received: from lacrosse.corp.redhat.com (root@lacrosse.corp.redhat.com
[207.175.42.154])
	by mail.redhat.com (8.8.7/8.8.7) with ESMTP id SAA08887;
	Fri, 23 Jun 2000 18:29:52 -0400
Received: from localhost (porkchop.redhat.com [207.175.42.68])
	by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id SAA10608;
	Fri, 23 Jun 2000 18:29:51 -0400
Message-Id: <200006232229.SAA10608@lacrosse.corp.redhat.com>
Subject: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed
Content-transfer-encoding: 8bit
Approved: ewt@redhat.com
To: redhat-watch-list@redhat.com, linux-security@redhat.com,
        bugtraq@securityfocus.com, wuftpd-questions@wu-ftpd.org,
        wu-ftpd@mail.wustl.edu
From: bugzilla@redhat.com
Cc: 
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Fri, 23 Jun 2000 18:29 -0400

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          remote root exploit (SITE EXEC) fixed
Advisory ID:       RHSA-2000:039-02
Issue date:        2000-06-23
Updated on:        2000-06-23
Product:           Red Hat Linux
Keywords:          wu-ftpd, root exploit, site exec, buffer overrun
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access.
The new version closes the hole.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386 alpha sparc
Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

An exploitable buffer overrun existed in wu-ftpd code's status update code.
Fixed by adding bounds checking by passing the status strings through %s.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

N/A

6. RPMs required:

Red Hat Linux 5.2:

i386:
ftp://updates.redhat.com/5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm

Red Hat Linux 6.2:

i386:
ftp://updates.redhat.com/6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
e1f3b09d8ad0067fa7fd22e7afe77e64  5.2/SRPMS/wu-ftpd-2.6.0-2.5.x.src.rpm
7c2f89b3f8533ec54a36c5dde5995ce6  5.2/alpha/wu-ftpd-2.6.0-2.5.x.alpha.rpm
8dbd0b0f1fa1d0755393942cb4cb141d  5.2/i386/wu-ftpd-2.6.0-2.5.x.i386.rpm
5d9df2512a15e5c8914f398d980b12e7  5.2/sparc/wu-ftpd-2.6.0-2.5.x.sparc.rpm
67349a75b767585628912b840e52806e  6.2/SRPMS/wu-ftpd-2.6.0-14.6x.src.rpm
fafe870fc91762dd7e9182df3b4dfee5  6.2/alpha/wu-ftpd-2.6.0-14.6x.alpha.rpm
50c11f333641277ab75e6207bffb13b4  6.2/i386/wu-ftpd-2.6.0-14.6x.i386.rpm
8abba6ffa660d1c221581855630ed40d  6.2/sparc/wu-ftpd-2.6.0-14.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

N/A

Joseph V Moss wrote:
> 
> The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you:
[instructions snipped]
> [mod: Aren't these steps in the post-install script of the kernel RPM?
> (On the other hand, I wouldn't want a script touching MY lilo.conf...)
> -- REW]
Previous kernel updates have pointed the updator to
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
, but the latest notice didn't.

[mod: Also noted by: chicks@chicks.net. Thanks. -- REW]

--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11