drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ungeprüfte Verwendung von Benutzereingaben in docview
Name: |
Ungeprüfte Verwendung von Benutzereingaben in docview
|
|
ID: |
CSSA-2001-026.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1 |
|
Datum: |
Di, 17. Juli 2001, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
docview |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
______________________________________________________________________________ Caldera International, Inc. Security Advisory
Subject: Linux - docview local httpd exploit Advisory number: CSSA-2001-026.0 Issue date: 2001, July 17 Cross reference: ______________________________________________________________________________
1. Problem Description
Docview is a set of CGI scripts providing documentation over http. A argument validation problem in one of the CGI scripts made it possible for a local attacker to gain access to the 'httpd' account.
2. Vulnerable Versions
System Package ----------------------------------------------------------- OpenLinux 2.3 not vulnerable OpenLinux eServer 2.3.1 not vulnerable and OpenLinux eBuilder OpenLinux eDesktop 2.4 not vulnerable OpenLinux Server 3.1 All packages previous to docview-1.0-15 OpenLinux Workstation 3.1 All packages previous to docview-1.0-15
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
not vulnerable
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
not vulnerable
6. OpenLinux eDesktop 2.4
not vulnerable
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
7.2 Verification
12edf4ca1adbda9d9c94ad57aab52b44 RPMS/docview-1.0-15.i386.rpm f7c3ec4d5bf75ab7517f1b8609500d96 SRPMS/docview-1.0-15.src.rpm
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/etc/rc.d/init.d/docview stop rpm -Fvh docview-1.0-15.i386.rpm /etc/rc.d/init.d/docview start
8. OpenLinux 3.1 Workstation
8.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
SRPMS
8.2 Verification
12edf4ca1adbda9d9c94ad57aab52b44 RPMS/docview-1.0-15.i386.rpm f7c3ec4d5bf75ab7517f1b8609500d96 SRPMS/docview-1.0-15.src.rpm
8.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
/etc/rc.d/init.d/docview stop rpm -Fvh docview-1.0-15.i386.rpm /etc/rc.d/init.d/docview start
9. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10194.
10. Disclaimer
Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE7U/ta18sy83A/qfwRAsgLAJ0SzUMvruOXxLBtNs3h8hciT2OhsACdGlRc LKCGNLy+I/w2eBMLNeEPKag= =n9om -----END PGP SIGNATURE-----
--------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com For additional commands, e-mail: announce-help@lists.caldera.com
|
|
|
|