[594] in linux-security and linux-alert archive


LSF Update#11: Vulnerability of rxvt

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Feb 1 05:30:03 1996

Date: Tue, 30 Jan 1996 01:50:06 -0500 (EST)
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
cc: big-linux-mailing-list <big-linux@netspace.org>, caldera-users@caldera.com

-----BEGIN PGP SIGNED MESSAGE-----

                          Linux Security FAQ Update
                             rxvt vulnerability
                        Wed Jan 24 13:25:44 EST 1996
   Copyright (C) 1995, 1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)
                              CIS Laboratories
                             TEMPLE  UNIVERSITY
                                   U.S.A.

 =============================================================================
 This is an official update of the Linux security FAQ, and it is supposed to
                be signed by one of the following PGP keys:

       1024/9ED505C5 1995/12/06 Jeffrey A. Uphoff <juphoff@nrao.edu> 
                  Jeffrey A. Uphoff <jeff.uphoff@linux.org>
           1024/EFE347AD 1995/02/17 Olaf Kirch <okir@monad.swb.de>
 1024/ADF3EE95 1995/06/08 Linux Security FAQ Primary Key <Alexander O. Yuriev>


  Unless you are able to verify at least one of the signatures, please be very
                    careful when following instructions.

   Linux Security WWW: http://bach.cis.temple.edu/linux/linux-security

             linux-security & linux-alert mailing list archives:
	
            ftp://linux.nrao.edu/pub/linux/security/list-archive

 =============================================================================


ABSTRACT

	The rxvt program, used to emulate a VT100 terminal in the X11
	environment, can be exploited to gain unauthorized root access.
	This Linux Security FAQ Update provides information that can be
	used to deal with this problem.

RISK ASSESSMENT

	The information released to full-disclosure mailing lists allows
	any local user to obtain unauthorized root access if rxvt is 
	installed as a suid-to-root program. 

SOLUTION TO THE PROBLEM     

	Immediately remove the suid bit from the rxvt binary using the command:

		chmod 111 /usr/X11R6/bin/rxvt

	This assumes that you have rxvt installed as /usr/X11R6/bin/rxvt. 
	If that is not the case, locate the binary and substitute 
	/usr/X11R6/bin/rxvt with its name. You can use one of the following 
	commands to locate rxvt:

		locate rxvt | grep -v rxvt.1x
		
				or 

		find / -type f -name rxvt -print 

	
DISTRIBUTION FIXES

	After you install the distribution-specific fixed version of rxvt,
	you should make the rxvt binary suid-to-root.

	Red Hat Linux 2.1 & 2.0, Caldera Network Desktop

		The Red Hat Commercial Linux 2.0 and 2.1 distributions and
		Caldera Network Desktop are vulnerable to an attack against 
		rxvt. Marc Ewing (marc@redhat.com) provided the RPM package
		that fixes the security problem with rxvt. The package can be 
		obtained from one of the following URLs:

ftp://ftp.redhat.com/pub/redhat-2.1/i386/updates/RPMS/rxvt-2.10-3.i386.rpm
ftp://bach.cis.temple.edu/pub/Linux/Security/DISTRIBUTION-FIXES/RedHat2.1/rxvt-2.10-3.i386.rpm
ftp://linux.nrao.edu/pub/linux/security/DISTRIBUTION-FIXES/RedHat2.0/rxvt-2.10-3.i386.rpm	

		Please verify the MD5 hash of the file prior to installing
		the package:

           b50028ae040c7778d3a0fe98316f5615  rxvt-2.10-3.i386.rpm	

	Debian/GNU Linux

		The Debian/GNU Linux distribution includes a vulnerable
		version of rxvt. Ian Murdock (imurdock@debian.org) provided
		information about the official replacement package for
		Debian/GNU Linux that fixes this rxvt problem. The fixed 
		package can be obtained from one of the following URLs:

ftp://ftp.debian.org/debian/debian-0.93/binary/x11/rxvt-2.10-2.deb
ftp://bach.cis.temple.edu/pub/Linux/Security/DISTRIBUTION-FIXES/Debian/rxvt-2.10-2.deb
ftp://linux.nrao.edu/pub/linux/security/DISTRIBUTION-FIXES/Debian/rxvt-2.10-2.deb

		Please verify the MD5 hash of the file prior to installing
		the package.

              f6a704ede216a3e67e8517a5d179a6f2  rxvt-2.10-2.deb


	Slackware 3.0

		Slackware 3.0 is vulnerable to an attack against rxvt. There
		is no Slackware-specific fixed version of the rxvt package 
		available at this time.

		Until such a fixed version of rxvt becomes available, users
		of Slackware 3.0 are advised to follow the procedure in the
		"Other Linux Distributions" section of this Update.


	Yggdrasil Plug & Play Fall'95

		The Yggdrasil Plug and Play Fall'95 Linux distribution does
		not include rxvt and therefore is not vulnerable as long as
		you did not install your own version of rxvt.

	Other Linux Distributions
	
		If your Linux distribution is not listed above, or there is
		no fixed version of rxvt available for your distribution, or
		you installed rxvt yourself, it is recommended that you 
		obtain the source code of rxvt used as a base for the
		Debian/GNU Linux package.

		The source code can be obtained from one of the following
		URLs:

ftp://ftp.debian.org/debian/debian-0.93/source/x11/rxvt-2.10-2.tar.gz
ftp://bach.cis.temple.edu/pub/Linux/Security/rxvt-2.10-2.tar.gz
ftp://linux.nrao.edu/pub/linux/security/DISTRIBUTION-FIXES/OTHER/rxvt-2.10-2.tar.gz

		Please verify the MD5 hash of the file prior to installing
		it.

            f3e08f8f97da3c4f245c8de970e05c9d  rxvt-2.10-2.tar.gz

CREDITS
	
	Marc Ewing (marc@redhat.com)
	Ian Murdock (imurdock@debian.org)
	Adam J. Richter (adam@yggdrasil.com)
	Olaf Kirch (okir@monad.swb.de)
	Allen Wheelwright (apw24@hermes.cam.ac.uk)
	Jeff Uphoff (juphoff@tarsier.cv.nrao.edu)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMQ2+koxFUz2t8+6VAQGuWgQAgjshASO3Mz8ldHoUnJlSsDdXPwipmdc8
JLHGauq+AZasvWSoZKSpenakwklkzTDPNYm48g7/jlE97B2yANi1JxxYaK+QjZg8
C5imnKxj2LvgDxVy6+aSG1NvBqIWEush7VX2+Ubh1P3K8E2tth6SsdDx3qfY3/wK
gbWzEY7Qu/4=
=dCW2
-----END PGP SIGNATURE-----


============================================================================
Alexander O. Yuriev		            Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY   WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA	 	
			
 KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2  37B13C4D8CD3D501 

Unless otherwise stated, everything above is my personal opinion and not an
               opinion of any organisation affiliated with me.
=============================================================================
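
The two checks this Update asks for, locating rxvt binaries that still carry the suid bit and comparing a downloaded package with the published MD5 hash, as an added shell example that is not part of the original advisory. The function names `find_suid_rxvt` and `verify_md5` and the `--audit` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names and the --audit
# switch are hypothetical; the commands used are standard find/md5sum.

# Print every regular file named rxvt under DIR (default /) that still
# has the setuid bit set. -xdev keeps the search on one filesystem.
find_suid_rxvt() {
    find "${1:-/}" -xdev -type f -name rxvt -perm -4000 -print 2>/dev/null
}

# Compare the MD5 of FILE with the hash published in the Update.
# Returns 0 on match, 1 on mismatch, 2 if the check could not be run.
verify_md5() {
    file=$1
    # Accept the published hash in either letter case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    command -v md5sum >/dev/null 2>&1 || return 2
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Report-only audit: lists what the "SOLUTION TO THE PROBLEM" step
# would apply to, without changing any permissions.
if [ "${1:-}" = "--audit" ]; then
    find_suid_rxvt / | while IFS= read -r f; do
        echo "setuid rxvt: $f  (advisory workaround: chmod 111 $f)"
    done
fi

# Example call with a hash listed in the Update (run before installing):
#   verify_md5 rxvt-2.10-3.i386.rpm b50028ae040c7778d3a0fe98316f5615 \
#       || echo "hash mismatch or check failed: do not install"
```

The MD5 values are only as trustworthy as the copy of the Update they are read from, which is why its header asks for the PGP signature to be verified first.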
