[14734] in bugtraq


aaa_base still vulnerable after upgrade

daemon@ATHENA.MIT.EDU (Matthias Andree)
Mon May 1 02:01:56 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000429180510.A8715@emma1.emma.line.org>
Date:         Sat, 29 Apr 2000 18:05:10 +0200
Reply-To: Matthias Andree <matthias.andree@GMX.DE>
From: Matthias Andree <matthias.andree@GMX.DE>
X-To:         Marc Heuse <marc@suse.de>, security@suse.de
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000429142806.EB73467B0@Galois.suse.de>; from marc@suse.de on
              Sam, Apr 29, 2000 at 04:28:06 +0200

* Marc Heuse (marc@suse.de) [2000-04-29 16:28]:
> ______________________________________________________________________________
>
>                         SuSE Security Announcement
>
>         Package: aaabase < 2000.1.3
>         Date:    Sat, 29 Apr 2000 14:03:28 GMT
>
>         Affected SuSE versions: all
>         Vulnerability Type:     remove any local file(s)
>                                 executing attacker supplied commands as non-root

> 350cabc140a177dfa1909d356c982647  ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/aaa_base-99.9.8-0.i386.rpm

Note that after applying this non-fix, SuSE 6.2 remains vulnerable (as
it's not an update and the 99.9.8 version _IS_ vulnerable).

Isn't it embarrassing to announce fixes which don't even touch the
_vulnerable_ packages?

This is an offense against all paying and trusting clients and users.

It expresses that SuSE still are not familiar with security, and they
do not regularly audit their programs for security issues.

            rm -f $DEL_FILE
            DEL_DIR=`dirname $DEL_FILE`
            if [ "$DEL_DIR" != "$TMP_DIR/." ] ; then
                rmdir $DEL_DIR 2> /dev/null
            fi

This expresses that the persons who wrote that script did not know what
they were doing and were totally unaware of files that contain spaces
or shell metacharacters in their names. Apart from that 2>/dev/null
(they'd have better fixed the script than the symptoms), how about this
nice time bomb (try rebooting the machine after MAX_DAYS_IN_TMP days!):

touch "/tmp/x /etc/rc.config"

Better set MAX_DAYS_IN_TMP=0 in /etc/rc.config for now. Do it NOW.

--
Matthias Andree
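
The word splitting described in the message above, as an added example that is not part of the original post or of SuSE's script: the unquoted `rm -f $DEL_FILE` beside a quoted form, run only inside a scratch directory. The function names and the relative paths (`etc/rc.config` standing in for `/etc/rc.config`, `tmp/x etc/rc.config` as the planted name) are constructed for this illustration.

```sh
#!/bin/sh
# Added example. All paths are constructed and live in a scratch directory.

# Unquoted, as in the quoted script: the shell splits $DEL_FILE on
# whitespace (and glob-expands it), so one name becomes several arguments.
cleanup_unquoted() {
    DEL_FILE=$1
    rm -f $DEL_FILE
}

# Quoted: the name reaches rm as a single argument; "--" stops a name
# beginning with "-" from being read as an option.
cleanup_quoted() {
    DEL_FILE=$1
    rm -f -- "$DEL_FILE"
}

# Runs one cleanup function (named in $1) against a planted file name.
# Returns 0 if the stand-in for /etc/rc.config survives, 1 if it was deleted.
stand_in_survives() (
    sandbox=$(mktemp -d) || exit 2
    cd "$sandbox" || exit 2
    mkdir etc tmp "tmp/x etc"
    : > etc/rc.config              # stand-in for the system file
    : > "tmp/x etc/rc.config"      # planted name containing a space
    "$1" "tmp/x etc/rc.config"     # the cleanup pass reaches the planted name
    status=1
    [ -f etc/rc.config ] && status=0
    cd / && rm -rf "$sandbox"
    exit "$status"
)

for fn in cleanup_unquoted cleanup_quoted; do
    if stand_in_survives "$fn"; then
        echo "$fn: etc/rc.config kept"
    else
        echo "$fn: etc/rc.config deleted"
    fi
done
```

The same quoting applies to the `dirname` and `rmdir` lines of the quoted script, which expand `$DEL_FILE` and `$DEL_DIR` unquoted as well.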
