[2367] in Release_7.7_team
Linux/Athena security updates
daemon@ATHENA.MIT.EDU (Thomas Bushnell, BSG)
Mon Jul 31 15:43:00 2000
Date: Mon, 31 Jul 2000 15:42:50 -0400
Message-Id: <200007311942.PAA32749@alice-whacker.mit.edu>
From: tb@MIT.EDU (Thomas Bushnell, BSG)
To: release-team@mit.edu
I have downloaded the pending RedHat security updates.
I mention below only the packages that we install in the standard
install list.
* The following have only local security exploits, but might affect
Athena users anyway. I recommend we install all of these too. Some
of these might affect dialups as well.
gpm:
Two problems exist in gpm, the program used to enable mouse
control on the console when not using X Windows:
1. gpm did not perform adequate checking of setgid return values
in the gpm-root helper program. This resulted in an avenue of
attack where local users could execute arbitrary commands with
elevated group priviledges.
2. /dev/gpmctl was writable by users who were not on the console.
A user could perform a local denial of service attack by flooding
the socket.
kernel:
A security bug involving setuid programs is fixed in
this kernel.
emacs:
With emacs < 20.7, unprivileged local users can eavesdrop the
communication between Emacs and its subprocesses.
There is also the following problem with pam. This is unlikely to
affect Athena users; I have no opinion about whether we should install
this.
pam:
If a workstation is configured to use a display manager (xdm,
gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user
who logs in remotely to use Xnest -query to log in on display
:1, which is recognized as the system console.