[11419] in bugtraq
Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn
daemon@ATHENA.MIT.EDU (Chmouel Boudjnah)
Thu Aug 19 06:17:33 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <87r9l1b64k.fsf@vador.mandrakesoft.com>
Date: Wed, 18 Aug 1999 14:55:23 +0200
Reply-To: Chmouel Boudjnah <chmouel@MANDRAKESOFT.COM>
From: Chmouel Boudjnah <chmouel@MANDRAKESOFT.COM>
X-To: Florian Weimer <fw@S.NETIC.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Florian Weimer's message of "Tue, 17 Aug 1999 14:56:26 +0200"
Florian Weimer <fw@S.NETIC.DE> writes:
> Aleph One <aleph1@UNDERGROUND.ORG> writes:
>
> > We have received reports that the version of xmonisdn as distributed
> > in the isndutils package from Debian GNU/Linux 2.1 has a security
> > problem.
> Note that other Linux distributions may be affected as well.
> The makefile that comes with the (rather outdated) isdn4kutils betas
> and that was in the isdn4linux CVS tree installed xmonisdn setuid root,
> too (until Paul Slootman committed a fix at the beginning of August).
For mandrake (should work also on a RH6) we have already send a update :
--=-=-=
August, 17 1999 SECURITY UPDATE: isdn4utils
xmonisdn as distributed in the isndutils package from Mandrake 6.0 has a
security problem. Upgrade to:
4109ff6f46614bfba6eb5b41651eea56 isdn4k-utils-3.0-4mdk.i586.rpm
90a263b047adbb52b937546c5571c780 isdn4k-utils-3.0-4mdk.src.rpm
from http://www.linux-mandrake.com/en/fupdates.php3
--=-=-=
--
MandrakeSoft http://www.mandrakesoft.com/
--Chmouel
