drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zugriffsrechten in shadow
Name: |
Mangelnde Prüfung von Zugriffsrechten in shadow
|
|
ID: |
MDKSA-2004:126 |
|
Distribution: |
Mandrake |
|
Plattformen: |
Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mandrake 9.2, Mandrake 10.0, Mandrake 10.1 |
|
Datum: |
Fr, 5. November 2004, 12:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1001
http://secunia.com/advisories/13028 |
|
Applikationen: |
|
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory _______________________________________________________________________
Package name: shadow-utils Advisory ID: MDKSA-2004:126 Date: November 4th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________
Problem Description:
A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwd_check() function. This function is used by the chfn and chsh tools. The updated packages have been patched to prevent this problem. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1001 http://secunia.com/advisories/13028 ______________________________________________________________________
Updated Packages: Mandrakelinux 10.0: 0ba43408dbd43f4cb91f0409c55d2a33 10.0/RPMS/shadow-utils-4.0.3-8.1.100mdk.i586.rpm b614188ebd45398b9211c623703e192f 10.0/SRPMS/shadow-utils-4.0.3-8.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64: ab7dd6ff065b58c3566cb7b22d3621f9 amd64/10.0/RPMS/shadow-utils-4.0.3-8.1.100mdk.amd64.rpm b614188ebd45398b9211c623703e192f amd64/10.0/SRPMS/shadow-utils-4.0.3-8.1.100mdk.src.rpm
Mandrakelinux 10.1: f4eb58ab0b8da58a33ce2c0cf4c7d87f 10.1/RPMS/shadow-utils-4.0.3-8.1.101mdk.i586.rpm 89fe1fc7fe11812bd4a1ae913334d7f6 10.1/SRPMS/shadow-utils-4.0.3-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64: e99e42d23e61c94beeeaf4a34c87bf03 x86_64/10.1/RPMS/shadow-utils-4.0.3-8.1.101mdk.x86_64.rpm 89fe1fc7fe11812bd4a1ae913334d7f6 x86_64/10.1/SRPMS/shadow-utils-4.0.3-8.1.101mdk.src.rpm
Corporate Server 2.1: 6af1c44ec3708155e84453f24d02ecaf corporate/2.1/RPMS/shadow-utils-20000902-10.1.C21mdk.i586.rpm fda9c8a42041a45fce3b89ac7c5fa4bc corporate/2.1/SRPMS/shadow-utils-20000902-10.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64: 793499a2e451a4e094071ec99b5e938c x86_64/corporate/2.1/RPMS/shadow-utils-20000902-10.1.C21mdk.x86_64.rpm fda9c8a42041a45fce3b89ac7c5fa4bc x86_64/corporate/2.1/SRPMS/shadow-utils-20000902-10.1.C21mdk.src.rpm
Mandrakelinux 9.2: 24cf182746a19950907d229076a36a50 9.2/RPMS/shadow-utils-4.0.3-5.1.92mdk.i586.rpm 002303dab59ab225b54c7326e65fd6e2 9.2/SRPMS/shadow-utils-4.0.3-5.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64: cb2c6e2a866acd66b199d26c931156ed amd64/9.2/RPMS/shadow-utils-4.0.3-5.1.92mdk.amd64.rpm 002303dab59ab225b54c7326e65fd6e2 amd64/9.2/SRPMS/shadow-utils-4.0.3-5.1.92mdk.src.rpm
Multi Network Firewall 8.2: b37dbc5eeb09399f5227559779b1c7d9 mnf8.2/RPMS/shadow-utils-20000902-5.2.M82mdk.i586.rpm bbe070cc85b48a9f79234aded8d14d3f mnf8.2/SRPMS/shadow-utils-20000902-5.2.M82mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBisQLmqjQ0CJFipgRAjxnAKDiPNuXFGPdoCAABaiKY1H2ACZA/gCfdeSK +ORdEraVt0csvxhtJmKs6E8= =/q0Z -----END PGP SIGNATURE-----
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
|
|
|
|