[543] in linux-security and linux-alert archive
Linux Security FAQ Update#9: Splitvt Vulnerability
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Tue Jan 2 21:39:49 1996
Date: Tue, 2 Jan 1996 18:12:19 -0500 (EST)
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
cc: Linux Announce Submit <linux-announce@stc06.ctd.ornl.gov>,
Sam Lantinga <slouken@cs.ucdavis.edu>
[ Don't laugh. This message somehow was sitting in Bach's mail queue
since Dec 18, 1995! -- alex ]
-----BEGIN PGP SIGNED MESSAGE-----
Linux Security FAQ Update
SplitVT Vulnerability
Dec 18, 1995 14:48:02 EST
Copyright (C) 1995 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
TEMPLE UNIVERSITY
U.S.A.
=============================================================================
This is an official update of the Linux security FAQ, and it is supposed to
be signed by one of the following PGP keys:
pub 1024/9ED505C5 1995/12/06 Jeffrey A. Uphoff <juphoff@nrao.edu>
Jeffrey A. Uphoff <jeff.uphoff@linux.org>
1024/EFE347AD 1995/02/17 Olaf Kirch <okir@monad.swb.de>
1024/ADF3EE95 1995/06/08 Linux Security FAQ Primary Key <Alexander O. Yuriev>
Unless you are able to verify at least one of signatures, please be very
careful when following instructions.
Linux Security WWW: http://bach.cis.temple.edu/linux/linux-security
linux-security & linux-alert mailing list archives:
ftp://linux.nrao.edu/pub/linux/security/list-archive
=============================================================================
ABSTRACT
A vulnerability exists in the Splitvt program prior to
version 1.6.3, including the Splitvt program in the
Slackware 3.0 Linux distribution. The exploit scripts
circulating over the Internet allow local users to gain
root access using the Splitvt
RISK ASSESMENT
If a splitvt binary version prior to 1.6.3 is a
setuid-to-root program, any local user that can execute it
can gain root access on the system.
SOLUTION TO THE PROBLEM
To determine if your version of Splitvt is vulnerable use
command
splitvt -version
If the version of your splitvt binary is prior to 1.6.3, locate
it and immidiately remove setuid bit from it using a command
similiar to
chmod 111 /usr/bin/splitvt
DISTRIBUTION FIXES
Red Hat Commercial Linux 2.0 & 2.1
Red Hat Linux distribution does not include Splitvt.
If you installed your own version of Splitvt, please
follow the intstuctions in the Other Distributions
Section.
Caldera Network Desktop
Preview II does not include Splitvt. If you
installed your own version of Splitvt, please follow
the intstuctions in the Other Distributions Section.
Debian
Debian/GNU Linux distribution does not include
Splitvt. If you installed your own version of
Splitvt, please follow the intstuctions in the Other
Distributions Section.
Slackware
Version 3.0.
Patrick J. Volkerding
(volkerdi@mhd1.moorhead.msus.edu) has supplied
information about the official patch for
Slackware 3.0. The official patch can be
obtained from one of the following URLs:
ftp://ftp.cdrom.com/pub/linux/slackware/patches/splitvt-patch.tgz
ftp://bach.cis.temple.edu/pub/Linux/Security/DISTRIBUTION-FIXES/Slackware-3.0/splitvt-patch.tgz
ftp://linux.nrao.edu/pub/linux/security/DISTRIBUTION-FIXES/Slackware-3.0/splitvt-patch.tgz
Please verify the MD5 hash of the file prior to installing
it.
214ce5016dc457acb6e6dd381794d285 splitvt-patch.tgz
In order to install the patch use command
installpkg splitvt-patch.tgz
as root.
Other versions of Slackware
Please consider upgrading to Slackware 3. In
the nearest future the Linux Security FAQ
Updates would stop containing any
information about versions of Slackware
prior to 3.
Other Linux Distributions:
If your distribution is not listed in this LSF Update
and is vulnerable or if you installed splitvt in a
distribution that does not support it, you would
need to upgrade to splitvt version 1.6.3 by
compiling the source code.
The official source code of splitvt 1.6.3 can be
obtained from one of the following URLs:
ftp://dandelion.ceres.ca.gov/pub/splitvt/splitvt-1.6.3.tar
ftp://bach.cis.temple.edu/pub/Linux/Security/splitvt-1.6.3.tar
ftp://linux.nrao.edu/pub/linux/security/splitvt-1.6.3.tar
Please verify the MD5 hash of the file prior to
installing it.
eec2fe2c5b4a3958261197905a9d9c81 splitvt-1.6.3.tar
CREDITS
Information in this update is based on the release of the
Avalon Security Research. We would also like to thank
Sam Lantinga (slouken@cs.ucdavis.edu) and Patrick J.
Volkerding (volkerdi@mhd1.moorhead.msus.ed) for their prompt
response to the problem.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMOm6J4xFUz2t8+6VAQGZ4wQAm1nNFBfu1iJ8+p8583JCzlqz3ThAxu2F
gbwo4t39H3qO4yFPXyRsivU5yTi2b0s2obIcEsqyVQZeM2dwsoPG23MfrqFb8jll
J058yaeEsaopmu7BmMbhT8lyygcaq6t3mPAZFOQxkPHkP2GHXTxY/8ZenjsYJkaG
fydFMPRb+Po=
=O3MP
-----END PGP SIGNATURE-----
============================================================================
Alexander O. Yuriev Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA
KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2 37B13C4D8CD3D501
Unless otherwise stated, everything above is my personal opinion and not an
opinion of any organisation affiliated with me.
=============================================================================
