-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: DoS on gpm
Advisory number: CSSA-2000-024.0
Issue date: 2000 July, 6
Cross reference:
______________________________________________________________________________
1. Problem Description
There are security problems within gpm (General Purpose Mouse support
daemon) which allow removal of system files and also exhibit a local
denial of service attack.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
gpm-1.17.8-5
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder gpm-1.17.8-5
OpenLinux eDesktop 2.4 All packages previous to
gpm-1.19.2-4
3. Solution
Workaround:
none
We recommend our users to upgrade to the new packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
bdcc5caf3e4cf4abb3081ef6e2049a61 RPMS/gpm-1.17.8-5.i386.rpm
7436e49533e64d7a737c920bbc874299 RPMS/gpm-devel-1.17.8-5.i386.rpm
f9c19f994238fa507d4e5505ebd78b59 RPMS/gpm-devel-static-1.17.8-5.i386.rpm
c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
061e6d50414c0c024547e29c3e1a0737 RPMS/gpm-1.17.8-5.i386.rpm
79633f3258b8bcbdff2fdd733e262e10 RPMS/gpm-devel-1.17.8-5.i386.rpm
0fa3527333421bf90f844376ff692d9d RPMS/gpm-devel-static-1.17.8-5.i386.rpm
c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
3f83840592100ea6a770070e11f4d9d9 RPMS/gpm-1.19.2-4.i386.rpm
f223771658eef771a5f93b09dc50c281 RPMS/gpm-devel-1.19.2-4.i386.rpm
7a50dd9a854ed30365cf535850d39420 RPMS/gpm-devel-static-1.19.2-4.i386.rpm
c43abbdd533ac0d9a247eb13dfbb5bb4 SRPMS/gpm-1.19.2-4.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 7297.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgement
Caldera Systems wishes to thank Ian Zimmermann for providing the fix.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5dp+V18sy83A/qfwRAhCfAJ934cwOj+vi8taarVCA1w8jqf33CwCcDss6
I0IGl8DR0aWD4MIRqQsUcaM=hoSC
-----END PGP SIGNATURE-----
From mail@mail.redhat.com Jul 16:56:17 2000 -0400
Received: (qmail 32587 invoked from network); 21 Jul 2000 20:56:18 -0000
Received: from mail.redhat.com (199.183.24.239)
by lists.redhat.com with SMTP; 21 Jul 2000 20:56:18 -0000
Received: from lacrosse.corp.redhat.com (root@lacrosse.corp.redhat.com
[207.175.42.154])
by mail.redhat.com (8.8.7/8.8.7) with ESMTP id QAA11487;
Fri, 21 Jul 2000 16:56:17 -0400
Received: from localhost (porkchop.redhat.com [207.175.42.68])
by lacrosse.corp.redhat.com (8.9.3/8.9.3) with SMTP id QAA04037;
Fri, 21 Jul 2000 16:56:16 -0400
Message-Id: <200007212056.QAA04037@lacrosse.corp.redhat.com>
Subject: [RHSA-2000:044-02] Updated PAM packages are available.
Content-transfer-encoding: 8bit
Approved: ewt@redhat.com
To: redhat-watch-list@redhat.com
From: bugzilla@redhat.com
Cc: bugtraq@securityfocus.com, linux-security@redhat.com
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Fri, 21 Jul 2000 16:56 -0400
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Updated PAM packages are available.
Advisory ID: RHSA-2000:044-02
Issue date: 2000-07-21
Updated on: 2000-07-21
Product: Red Hat Linux
Keywords: N/A
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
Updated pam packages are available for Red Hat Linux 6.x.
These packages fix a bug that would potentially allow
remote users to access console devices and shut down the
workstation if the workstation is running a display manager
(xdm, gdm, kdm, etc.) with XDMCP enabled.
2. Relevant releases/architectures:
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
3. Problem description:
If a workstation is configured to use a display manager (xdm,
gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user
who logs in remotely to use Xnest -query to log in on display
:1, which is recognized as the system console.
This is the documented behavior for Red Hat Linux 6.0, 6.1, and
6.2. This update disables this feature by default. Users of Red
Hat Linux 5.x are not affected because the pam_console.so module
was not included in releases prior to 6.0.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
11165 - Gnome panel, ssh can allow remote non-root users to halt,reboot
12417 - man pages not installed properly in pam
12430 - /sbin/{pwdb,unix}_chkpwd not stripped
6. RPMs required:
Red Hat Linux 6.2:
sparc:
ftp://updates.redhat.com/6.2/sparc/pam-0.72-20.sparc.rpm
alpha:
ftp://updates.redhat.com/6.2/alpha/pam-0.72-20.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/i386/pam-0.72-20.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/pam-0.72-20.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
1e0f9bd6ac389b40c90daba918c419eb 6.2/SRPMS/pam-0.72-20.src.rpm
8834754c1b0fd31ac4fa8f3e54bb7444 6.2/alpha/pam-0.72-20.alpha.rpm
b0376fbeb5fa31b1ac118b1831185959 6.2/i386/pam-0.72-20.i386.rpm
be592c19f8742f9dca85d6ef19cbfb80 6.2/sparc/pam-0.72-20.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
N/A
Copyright(c) 2000 Red Hat, Inc.