[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Re: Also New pkg RaQ3-All-Security-5.0.1-15673.pkg

Subject: RE: [cobalt-users] Re: Also New pkg RaQ3-All-Security-5.0.1-15673.pkg
From: "Tom Nelson" <tom@xxxxxxxxxxxxx>
Date: Sun Jan 12 17:31:00 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Ahhhhh,

Searched Google, and here is what I found on RedHat...

<<<<
   Security Advisory

Details:

A locally exploitable vulnerability is present in the util-linux package
shipped with Red Hat Linux

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. The 'chfn'
utility included in this package allows users to modify personal
information stored in the system-wide password file, /etc/passwd. In order
to modify this file, this application is installed setuid root.

Under certain conditions, a carefully crafted attack sequence can be
performed to exploit a complex file locking and modification race present
in this utility allowing changes to be made to /etc/passwd.

In order to successfully exploit the vulnerability and perform privilege
escalation there is a need for a minimal administrator interaction.
Additionally, the password file must be over 4 kilobytes, and the local
attackers entry must not be in the last 4 kilobytes of the password file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0638 to this issue.

An interim workaround is to remove setuid flags from /usr/bin/chfn and
/usr/bin/chsh. All users of Red Hat Linux should update to the errata
util-linux packages which contain a patch to correct this vulnerability.

Many thanks to Michal Zalewski of Bindview for alerting us to this issue.
>>>>

Thank you,
looks like we should run this pkg?






It seems to be a 'low-level system utilities' update...

See the link below
http://rpmfind.net/linux/RPM/redhat/updates/7.0/alpha/util-linux-2.10m-12.7.
0.alpha.html
or make a search on Google to : util-linux-2.10m

Don't know if it's really needed....
Jean

_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- [cobalt-users] Re: Also New pkg RaQ3-All-Security-5.0.1-15673.pkg
  - From: jeanjean

Prev by Date: [cobalt-users] RAQ4R installing PHPBB 2, can I use Interbase via DSN??
Next by Date: [cobalt-users] raq550 GUI
Previous by thread: [cobalt-users] Re: Also New pkg RaQ3-All-Security-5.0.1-15673.pkg
Next by thread: [cobalt-users] Qube 3 Memory

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index