[16149] in bugtraq


Re: [RHSA-2000:048-02] Updated mailx and perl packages are now

daemon@ATHENA.MIT.EDU (Chuck Wolber)
Wed Aug 9 15:16:38 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10008080916100.13786-100000@NS1.scraps.org>
Date:         Tue, 8 Aug 2000 09:17:30 -0700
Reply-To: Chuck Wolber <chuckw@QUANTUMLINUX.COM>
From: Chuck Wolber <chuckw@QUANTUMLINUX.COM>
X-To:         redhat-announce-list@redhat.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200008081420.KAA12000@lacrosse.corp.redhat.com>

Error in the package:

[root@NS1 pub]# rpm -Uvh perl-5.00503-11.i386.rpm
error: failed dependencies:
     rpmlib(VersionedDependencies) <= 3.0.3-1 is needed by perl-5.00503-11

Please fix!

-Chuck



On Tue, 8 Aug 2000 bugzilla@redhat.com wrote:

> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          Updated mailx and perl packages are now available.
> Advisory ID:       RHSA-2000:048-02
> Issue date:        2000-08-07
> Updated on:        2000-08-08
> Product:           Red Hat Linux
> Keywords:          perl suid
> Cross references:  N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> Updated perl and mailx packages are now available which fix a potential
> exploit made possible by incorrect assumptions made in suidperl.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 5.0 - i386, alpha, sparc
> Red Hat Linux 5.1 - i386, alpha, sparc
> Red Hat Linux 5.2 - i386, alpha, sparc
> Red Hat Linux 6.0 - i386, alpha, sparc
> Red Hat Linux 6.1 - i386, alpha, sparc
> Red Hat Linux 6.2 - i386, alpha, sparc
> Red Hat Linux 6.2E - i386, alpha, sparc
>
> 3. Problem description:
>
> Under certain conditions, suidperl will attempt to send mail to the local
> superuser account using /bin/mail.  A properly formatted exploit script can
> use this facility, along with mailx's tendency to inherit settings from the
> environment, to gain local root access.
>
> This update changes suidperl's behavior to use syslog instead of mail, and
> restricts the list of variables /bin/mail will read from the environment.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> 15625 - Root exploit already posted on bugtraq
> 15630 - Root exploit in sperl
> 15641 - suidperl has a major problem
>
>
> 6. RPMs required:
>
> Red Hat Linux 5.0, 5.1, 5.2:
>
> sparc:
> ftp://updates.redhat.com/5.2/sparc/mailx-8.1.1-16.sparc.rpm
> ftp://updates.redhat.com/5.2/sparc/perl-5.004m7-2.sparc.rpm
>
> alpha:
> ftp://updates.redhat.com/5.2/alpha/mailx-8.1.1-16.alpha.rpm
> ftp://updates.redhat.com/5.2/alpha/perl-5.004m7-2.alpha.rpm
>
> i386:
> ftp://updates.redhat.com/5.2/i386/mailx-8.1.1-16.i386.rpm
> ftp://updates.redhat.com/5.2/i386/perl-5.004m7-2.i386.rpm
>
> sources:
> ftp://updates.redhat.com/5.2/SRPMS/mailx-8.1.1-16.src.rpm
> ftp://updates.redhat.com/5.2/SRPMS/perl-5.004m7-2.src.rpm
>
> Red Hat Linux 6.0, 6.1, 6.2:
>
> sparc:
> ftp://updates.redhat.com/6.2/sparc/mailx-8.1.1-16.sparc.rpm
> ftp://updates.redhat.com/6.2/sparc/perl-5.00503-11.sparc.rpm
>
> i386:
> ftp://updates.redhat.com/6.2/i386/mailx-8.1.1-16.i386.rpm
> ftp://updates.redhat.com/6.2/i386/perl-5.00503-11.i386.rpm
>
> alpha:
> ftp://updates.redhat.com/6.2/alpha/mailx-8.1.1-16.alpha.rpm
> ftp://updates.redhat.com/6.2/alpha/perl-5.00503-11.alpha.rpm
>
> sources:
> ftp://updates.redhat.com/6.2/SRPMS/mailx-8.1.1-16.src.rpm
> ftp://updates.redhat.com/6.2/SRPMS/perl-5.00503-11.src.rpm
>
> 7. Verification:
>
> MD5 sum                           Package Name
> --------------------------------------------------------------------------
>
> These packages are GPG signed by Red Hat, Inc. for security.  Our key
> is available at:
>     http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
>     rpm --checksig  <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
>
> 8. References:
>
> http://www.securityfocus.com/vdb/bottom.html?vid=1547
> http://bugs.perl.org/perlbug.cgi?req=tidmids&tidmids=20000806.001
>
>
> Copyright(c) 2000 Red Hat, Inc.
>
>
>
>

--
   Quantum Linux Laboratories - ACCELERATING Business with Linux Technology
   * Education			|
   * Enterprise Integration	| http://www.quantumlinux.com
   * Support			| chuckw@quantumlinux.com
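The quoted advisory tells administrators to refresh each listed RPM and names the fixed perl and mailx builds per Red Hat Linux release family. The script below is an added example, not part of this post or of Red Hat's advisory: it reimplements rpm's version comparison (a simplified rpmvercmp written here, not rpm's own code) and checks constructed `rpm -q` output against the fixed builds from the advisory, so a host that still carries an older perl or mailx can be flagged.

```python
import re

# rpm compares runs of digits or letters; other characters only separate them
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version or release strings like rpmvercmp(): -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:  # numeric: drop leading zeros, longer string is larger
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        elif xd != yd:  # a numeric segment is newer than an alpha one
            return 1 if xd else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):  # shared segments equal: leftover segments win
        return 0
    return 1 if len(sa) > len(sb) else -1

def evr_cmp(v1: str, r1: str, v2: str, r2: str) -> int:
    """Compare version-release pairs (the advisory's packages carry no epoch)."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)

# Fixed versions from RHSA-2000:048-02, keyed by Red Hat Linux release family
FIXED = {
    "5": {"mailx": ("8.1.1", "16"), "perl": ("5.004m7", "2")},
    "6": {"mailx": ("8.1.1", "16"), "perl": ("5.00503", "11")},
}

def audit(rpm_q_output: str, family: str) -> dict:
    """Map each advisory package seen in 'name version release' lines (as printed
    by rpm -q --qf) to True when the installed build is at or above the fix."""
    status = {}
    for line in rpm_q_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED[family]:
            continue
        name, ver, rel = parts
        fv, fr = FIXED[family][name]
        status[name] = evr_cmp(ver, rel, fv, fr) >= 0
    return status

# Constructed sample of rpm -q output for a Red Hat Linux 6.x host (not real data)
SAMPLE_RHL6 = "perl 5.00503 10\nmailx 8.1.1 16\n"
```

Feed it the output of `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' perl mailx` and the release family ("5" or "6"); a False entry means that package still predates the advisory's fixed build.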
