Problem when using uudecode in sharutils
ID: MDKSA-2002:052
Distribution: Mandrake
Platforms: Mandrake 7.1, Mandrake 7.2, Mandrake Corporate Server 1.0.1, Mandrake 8.0, Mandrake Single Network Firewall 7.2, Mandrake 8.1, Mandrake 8.2
Date: Thu, 15 August 2002, 13:00
References: Not specified
Applications: GNU Shar
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: sharutils
Advisory ID: MDKSA-2002:052
Date: August 14th, 2002
Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into shared directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe.
________________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0178
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1:
0cef090407766961c9cfbf39ae47cb4f 7.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 7.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Linux-Mandrake 7.2:
4f6cc4d34eb4383ac86b1f24d66b2609 7.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 7.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.0:
73204916c2ddaaa35928aae097bf34a6 8.0/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 8.0/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.0/ppc:
7d268cb972cba165ad00edb748280463 ppc/8.0/RPMS/sharutils-4.2.1-8.1mdk.ppc.rpm
cec98ba6349a7533873d1bbf7d77df92 ppc/8.0/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.1:
b29aa6f0277acb8ec0322b0449a5d5cc 8.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 8.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
ab622e101d1fb45e70cb91f2d8095ceb ia64/8.1/RPMS/sharutils-4.2.1-8.1mdk.ia64.rpm
cec98ba6349a7533873d1bbf7d77df92 ia64/8.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.2:
933544c2edfed6f26eb5e6a9105dd3f1 8.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 8.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Mandrake Linux 8.2/ppc:
9e9df329ac4933f1ee7e2a7a03e587c8 ppc/8.2/RPMS/sharutils-4.2.1-8.1mdk.ppc.rpm
cec98ba6349a7533873d1bbf7d77df92 ppc/8.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Corporate Server 1.0.1:
0cef090407766961c9cfbf39ae47cb4f 1.0.1/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 1.0.1/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm

Single Network Firewall 7.2:
4f6cc4d34eb4383ac86b1f24d66b2609 snf7.2/RPMS/sharutils-4.2.1-8.1mdk.i586.rpm
cec98ba6349a7533873d1bbf7d77df92 snf7.2/SRPMS/sharutils-4.2.1-8.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig
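
The destination check described under "Problem Description", as an added C example (not the sharutils patch and not Mandrake's code): it refuses a symlink or pipe as the output target by opening with O_NOFOLLOW and inspecting the opened descriptor with fstat, so the check and the write apply to the same object. The names `open_output_safely` and `demo`, and the files created under /tmp, are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a writable fd for a regular file, else -1. */
int open_output_safely(const char *path, mode_t mode)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink.
     * O_NONBLOCK: do not hang on a FIFO that has no reader. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, mode);
    if (fd < 0)
        return -1;
    /* Inspect the object that was actually opened, not the path name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    /* Truncate only after the target is known to be a regular file. */
    if (ftruncate(fd, 0) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed self-check: bit i is set if names[i] was accepted,
 * bit 3 is set if the symlink's target got created through the link. */
int demo(void)
{
    char dir[] = "/tmp/uudec-demo-XXXXXX";
    const char *names[] = { "plain.out", "link.out", "fifo.out" };
    int accepted = 0;
    if (mkdtemp(dir) == NULL || chdir(dir) != 0)
        return -1;
    if (symlink("victim", "link.out") != 0 || mkfifo("fifo.out", 0600) != 0)
        return -1;
    for (int i = 0; i < 3; i++) {
        int fd = open_output_safely(names[i], 0600);
        if (fd >= 0) { accepted |= 1 << i; close(fd); }
        unlink(names[i]);
    }
    if (access("victim", F_OK) == 0) accepted |= 8;
    unlink("victim");
    if (chdir("/") != 0) return -1;
    rmdir(dir);
    return accepted;
}

int main(void) { printf("accepted mask: %d\n", demo()); return 0; }
```

Only the plain file is accepted; the symlink and the FIFO are rejected and the symlink's target is never created.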