Insecure use of /tmp in mgetty
ID: TLSA2001020
Distribution: TurboLinux
Platforms: not specified
Date: Thu, 24 May 2001, 13:00
References: not specified
Applications: mgetty

Original message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_____________________________________________________________________________________________
Turbolinux Security Announcement

Package: mgetty
Vulnerable Packages: All Turbolinux versions prior to 1.1.22
Date: 05/17/2001 5:00 PDT
Affected Turbolinux platforms: TL Workstation 6.1, TL Server 6.0.5 and earlier
Turbolinux Advisory ID#: TLSA2001020
Reference: http://www.securityfocus.com/vdb/bottom.html?vid=2187
_____________________________________________________________________________________________

A security hole was discovered in the package mentioned above.
Please update the packages in your installation as soon as possible.
_____________________________________________________________________________________________

1. Problem Summary

When mgetty runs, it creates files in the /tmp directory, but it does so in an insecure fashion, making it quite easy for an attacker to guess the names of future /tmp files.

2. Impact

It is possible for an attacker to create symbolic links in the /tmp directory so that he can append to or overwrite system files which, under normal circumstances, are write-accessible only by the user running the mgetty application (i.e. root).

3. Solution

Update the packages from our ftp server by using the following procedure:

First, uninstall the previous versions of the mgetty packages by performing the following commands in the given order:

rpm -e mgetty-voice
rpm -e mgetty-viewfax
rpm -e mgetty-sendfax
rpm -e mgetty

If the package getty_ps is installed, uninstall it as well.

Then, install the updated versions of mgetty using the following command:

rpm -ivh ftp_path_to_filename

Where ftp_path_to_filename is the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/mgetty-1.1.22-7.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/mgetty-sendfax-1.1.22-7.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/mgetty-viewfax-1.1.22-7.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/mgetty-voice-1.1.22-7.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/mgetty-1.1.22-7.src.rpm

**Note: You must rebuild and install the RPM if you choose to download and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE THE SECURITY HOLE.

**Be sure to have XFree86-devel installed on your system before using the source rpm to build the mgetty packages.

Please verify the MD5 checksums of the updates before you install:

MD5 sum                           Package Name
---------------------------------------------------------------------------------------------
5de87256cb97ae7ea6260d28d3af9cc7  mgetty-1.1.22-7.i386.rpm
1187e088aee19db37897437a2d761bb7  mgetty-sendfax-1.1.22-7.i386.rpm
6e723db938b07e0934f1ebc6ac9e2599  mgetty-viewfax-1.1.22-7.i386.rpm
25e990cab0eaa51d3e3efcd867ec7664  mgetty-voice-1.1.22-7.i386.rpm
b3b90b7f6a01722c6f6aad21b6ceaa94  mgetty-1.1.22-7.src.rpm
_____________________________________________________________________________________________

These packages are GPG signed by Turbolinux for security. Our key is available here:

http://www.turbolinux.com/security/tlgpgkey.asc

To verify a package, use the following command:

rpm --checksig name_of_rpm

To examine only the md5sum, use the following command:

md5sum name_of_rpm

**Note: Checking GPG keys requires RPM 3.0 or higher.
_____________________________________________________________________________________________

You can find more updates on our ftp server:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.x Workstation and Server security updates

Our webpage for security announcements:

http://www.turbolinux.com/security

If you want to report vulnerabilities, please contact:

security@turbolinux.com
______________________________________________________________________________________________

Subscribe to the Turbolinux Security Mailing lists:

TL-security - A moderated list for discussing security issues in Turbolinux products.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security

TL-security-announce - An announce-only mailing list for security updates and alerts.
Subscribe at: http://www.turbolinux.com/mailman/listinfo/tl-security-announce

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: pgpenvelope 2.10.0 - http://pgpenvelope.sourceforge.net/

iD8DBQE7Baikcpw52/ZatwoRAo9/AJ9NQmtN0dmy2zJR3T6J+mFM1gegvACffiau
8gJNM/cUAtL+5f9xyyLVo+c=
=M7Qh
-----END PGP SIGNATURE-----

_______________________________________________
TL-Security-Announce mailing list
TL-Security-Announce@www.turbolinux.com
http://www.turbolinux.com/mailman/listinfo/tl-security-announce
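The weakness described in sections 1 and 2 of the advisory (a guessable temporary file name combined with an open() call that happily follows a pre-planted symlink) is the classic /tmp symlink issue, and the fix on the program side is well known. The following C program is an added example for this page, not mgetty's code and not part of the Turbolinux message: it places the vulnerable open() pattern next to two safe forms, mkstemp() and open() with O_CREAT|O_EXCL|O_NOFOLLOW, and exercises all three in a throw-away directory created with mkdtemp(). The file victim.conf, the link planted at the PID-style name mg.12345 and the sandbox path are constructed for the demonstration.

```c
/* Added example, not mgetty's code: the /tmp pattern behind TLSA2001020
 * and two safe alternatives. All files live in a private mkdtemp() sandbox. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mkdtemp(), mkstemp(), O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable pattern: guessable name (e.g. a PID suffix) plus O_CREAT without
 * O_EXCL. If a symlink already sits at `path`, open() follows it and the
 * append lands in whatever file the link points to. */
int open_tmp_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Safe form 1: mkstemp() picks an unguessable name and creates the file
 * atomically with O_CREAT|O_EXCL; `tmpl` must end in "XXXXXX" and is
 * overwritten with the chosen name. */
int create_tmp_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Safe form 2: when the name cannot be random, insist on creating a new file.
 * O_EXCL makes open() fail with EEXIST if anything exists at `path`, symlinks
 * included, whatever their target; O_NOFOLLOW additionally refuses links. */
int open_tmp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Runs the three variants against a pre-planted symlink in a private sandbox
 * and returns a bitmask: 1 = predictable open wrote through the link into the
 * victim file, 2 = exclusive open refused with EEXIST, 4 = mkstemp produced a
 * regular file with no group/other permissions. A correct build returns 7. */
int demo_tmp_race(void)
{
    char dir[] = "/tmp/tlsa2001020-demo.XXXXXX";   /* constructed sandbox */
    char victim[512], predictable[512], tmpl[512];
    struct stat st;
    int result = 0, fd, vfd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);        /* stands in for a root-only file */
    snprintf(predictable, sizeof predictable, "%s/mg.12345", dir); /* guessable, PID-style name */
    snprintf(tmpl, sizeof tmpl, "%s/mg.XXXXXX", dir);

    vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0)
        goto cleanup;
    close(vfd);

    /* Link planted at the guessable name, as described in section 2 of the advisory. */
    if (symlink(victim, predictable) != 0)
        goto cleanup;

    /* 1. Vulnerable pattern: the byte ends up in victim.conf, not in a temp file. */
    fd = open_tmp_predictable(predictable);
    if (fd >= 0) {
        if (write(fd, "x", 1) == 1 && fstat(fd, &st) == 0 && st.st_size == 1)
            result |= 1;
        close(fd);
    }

    /* 2. Exclusive open: refused because the path already exists (as a link). */
    fd = open_tmp_exclusive(predictable);
    if (fd < 0 && errno == EEXIST)
        result |= 2;
    else if (fd >= 0)
        close(fd);

    /* 3. mkstemp: fresh regular file, private to the owner, unguessable name. */
    fd = create_tmp_mkstemp(tmpl);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0)
            result |= 4;
        close(fd);
        unlink(tmpl);
    }

cleanup:
    unlink(predictable);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_tmp_race();
    printf("predictable open wrote through link: %s\n", (r & 1) ? "yes" : "no");
    printf("O_EXCL open refused:                 %s\n", (r & 2) ? "yes" : "no");
    printf("mkstemp gave a private regular file: %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

The load-bearing flag is O_EXCL: POSIX requires open() with O_CREAT|O_EXCL to fail with EEXIST when the path names a symbolic link, regardless of where the link points, which is exactly what closes the window the advisory describes. mkstemp() gets the same guarantee and adds an unguessable name, so it is the preferred form wherever the program does not need a fixed file name. Note that the demonstration runs in a 0700 directory owned by the caller; in a real sticky /tmp, Linux's fs.protected_symlinks setting would also block the follow in step 1 when link and follower have different owners, but a program should not rely on that.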