Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn

From: Chmouel Boudjnah (chmouelat_private)
Date: Wed Aug 18 1999 - 05:55:23 PDT

Next message: Bluefish: "[EuroHaCk] stealth-code (fwd)"

Previous message: Elias Levy: "Vulnerability In LSA on Windows NT SP5"
Maybe in reply to: Aleph One: "[SECURITY] new version isdnutils fixes exploitable xmonisdn"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Florian Weimer <fwat_private> writes:

> Aleph One <aleph1at_private> writes:
>
> > We have received reports that the version of xmonisdn as distributed
> > in the isndutils package from Debian GNU/Linux 2.1 has a security
> > problem.
> Note that other Linux distributions may be affected as well.
> The makefile that comes with the (rather outdated) isdn4kutils betas
> and that was in the isdn4linux CVS tree installed xmonisdn setuid root,
> too (until Paul Slootman committed a fix at the beginning of August).

For mandrake (should work also on a RH6) we have already send a update :

--=-=-=
August, 17 1999 SECURITY UPDATE: isdn4utils

xmonisdn as distributed in the isndutils package from Mandrake 6.0 has a
security problem. Upgrade to:

4109ff6f46614bfba6eb5b41651eea56 isdn4k-utils-3.0-4mdk.i586.rpm
90a263b047adbb52b937546c5571c780 isdn4k-utils-3.0-4mdk.src.rpm

from http://www.linux-mandrake.com/en/fupdates.php3

--=-=-=


--
MandrakeSoft          http://www.mandrakesoft.com/
			         	 --Chmouel

Next message: Bluefish: "[EuroHaCk] stealth-code (fwd)"
Previous message: Elias Levy: "Vulnerability In LSA on Windows NT SP5"
Maybe in reply to: Aleph One: "[SECURITY] new version isdnutils fixes exploitable xmonisdn"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:55 PDT