SECURITY: Red Hat Linux 5.1 linuxconf bug

From: Michael K. Johnson (johnsonmat_private)
Date: Thu May 28 1998 - 08:02:16 PDT

    In Red Hat Linux 5.1, linuxconf version 1.11r11-rh2 was inadvertently
    setuid root.  This creates the potential for security holes that allow
    attackers to gain root access to your machine.  (Users of Red Hat
    Linux 5.0 and earlier are NOT affected, as linuxconf was not included
    with any previous version of Red Hat Linux.)
    
    If you have installed Red Hat Linux 5.1, you can immediately remove
    the danger by logging in as root and running the command:
    
            chmod -s /bin/linuxconf
    
    We also recommend that you update to the latest version of linuxconf,
    linuxconf-1.11r11-rh3, which fixes this bug.
    
    Red Hat Linux 5.1 for Intel:
    rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r11-rh3.i386.rpm
    
    Red Hat Linux 5.1 for Alpha:
    rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r11-rh3.alpha.rpm
    
    Thanks to BUGTRAQ for finding and reporting this.
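
Added example, not part of the original advisory: a shell check that the setuid/setgid bits are really gone after the mitigation above, plus a listing of any other files under a directory that still carry them. The function names are hypothetical, and `chmod ug-s` is used as the explicit form of the advisory's `chmod -s`.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the setuid/setgid removal
# and list other regular files that carry those bits.

# is_privileged FILE -> exit 0 if FILE is a regular file with setuid or setgid set
is_privileged() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# list_privileged DIR -> print regular files under DIR with setuid (4000)
# or setgid (2000) set, without crossing filesystem boundaries (-xdev)
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# strip_and_verify FILE -> apply the mitigation and check the result.
# Returns 0 if the bits are gone afterwards, 1 if still set, 2 if FILE is missing.
strip_and_verify() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    if is_privileged "$1"; then
        echo "before: $1 has setuid/setgid set"
        # Same effect as the advisory's `chmod -s`, spelled out per class
        chmod ug-s "$1" || return 1
    else
        echo "before: $1 has no setuid/setgid bit"
    fi
    if is_privileged "$1"; then
        echo "after:  $1 STILL has setuid/setgid set" >&2
        return 1
    fi
    echo "after:  $1 is clean"
}

# Usage on an affected system, as root:
#   strip_and_verify /bin/linuxconf
#   list_privileged /bin
```
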
    


