---------- Forwarded message ---------- Date: Wed, 8 Mar 2000 17:18:21 -0800 (PST) From: Katie Moussouris <k8eat_private> Reply-To: tl-security-announceat_private To: tl-security-announceat_private Subject: [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ TurboLinux Security Announcement Package: mtr-0.41 and earlier Date: Wed Mar 8 14:54:54 PST 2000 Affected TurboLinux versions: TurboLinux 6.0.2 and earlier Vulnerability Type: Local root compromise TurboLinux Advisory ID#: TLSA2000003-1 Credits: This vulnerability was posted to the Bugtraq mailing list on March 3, 2000 by Viktor Fougstedt <viktorat_private>. ______________________________________________________________________________ A security hole was discovered in the package mentioned above. Please update the package in your installation as soon as possible or disable the service. _____________________________________________________________________________ 1. Problem Summary Older versions of mtr did not properly drop root privileges. From Viktor's original posting: "Mtr only does a seteuid(), and not a full setuid() when attempting to drop root privs. Seteuid() _only_ affects the effective uid of the process, and the saved uid is therefore still 0 after this call. When a process has saved uid 0, it may issue a setuid(0) to regain full root privileges (i.e. real and effective uid 0)." 2. Impact A malicious user could take control over mtr (perhaps through gtk or curses) and can then execute arbitrary code as root. 3. Solution Update the package from our ftp server by running the following command: rpm -Uv ftp_path_to_filename Where ftp_path_to_filename is the following: ftp://ftp.turbolinux.com/pub/updates/6.0/security/mtr-0.42-1.i386.rpm The source rpm can be downloaded here: ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/mtr-0.42-1.src.rpm **Note: You must rebuild and install the rpm if you choose to download and install the srpm. Simply installing the srpm alone WILL NOT CLOSE THE SECURITY HOLE. Please verify the md5 checksum of the update before you install: MD5 sum Package Name - ---------------------------------------------------------------------------- 966e78977e5847d817efed904009f467 mtr-0.42-1.i386.rpm 3efef9f2d24f4169f02574063f5cbb1f mtr-0.42-1.src.rpm ______________________________________________________________________________ You can find more updates on our ftp server: ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation and Server security updates ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation and Server security updates Our webpage for security announcements: http://www.turbolinux.com/security If you want to report vulnerabilities, please contact: security-rtat_private ______________________________________________________________________________ Subscribe to the TurboLinux Security Mailing lists: TL-security - A moderated list for discussing security issues in TurboLinux products. Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security TL-security-announce - An announce-only mailing list for security updates and alerts. Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security-announce ______________________________________________________________________________ - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDis8xgRBACKx6P//rFXRM/LpWRZDEFfzTXIvZzjEs7xTbE6CqhZhMgN6+9O LwaHJzRq/hslHoUDEgxQX0eGB86mu4AaHrzv8ajzGhNhyOzH50qxK8y8ieqDsIkD OkuYhep1VAyt036yIdXzDMee4M8+z6IFwAip6k4wNWsbCrW6IxRm5iC3gwCgobOS Zp77Wq/hGnl3cAf3NukYXIED/1wdTCEfMTESTkg++ynBXU9Gw2ylKmvChj2Ew/FJ ZJobaqmMr47i7aXf0+uu7/gYXmmRKA0B+ZRpmfZbL68ObSuLo7Srvjlv1U9fcTZy Ja92MJELTmhcQPTmgj+/quIi98IjG6Mky/Ahzi+OcSrecGNdyvRAtK5OGot01ECJ 5O7XA/9K1Og1d4UTNVQS4BP+gyKMVDKRmX7TPyn3oLmwdozjYq7RFtdU2WvNdmpY l2hHci6sQkgyFddqkCTBujQ0pcaZeVklzrCWUbglu61nhYFHMC9fgJkvvKWD6lOH XXSiBml77oCIBuPCZxUOwyMUDbGQGRYM49rjzoflRmX1CwinQ7RhU2VjdXJpdHkg TGlzdCBNb25pdG9yIChUbyBzaWduIHRoaXMga2V5LCBjb250YWN0IGs4ZUB0dXJi b2xpbnV4LmNvbSkgPHNlY21vbkBtYWlsLnR1cmJvbGludXguY29tPohcBBMRAgAc BQI4rPMYBQkB4TOABAsKBAMDFQMCAxYCAQIXgAAKCRDt5HtucdAp5CZ5AJ0UqQVG zFuW+MH8CMIw8wUMmtBZowCgiZOKtPqwdR7OtouUmKTIhUpaNiS0P0thdGllIE1v dXNzb3VyaXMgKFNlY3VyaXR5IExpc3QgTW9kZXJhdG9yKSA8azhlQHR1cmJvbGlu dXguY29tPohcBBMRAgAcBQI4rPZEBQkB4TOABAsKBAMDFQMCAxYCAQIXgAAKCRDt 5HtucdAp5IXdAJ9NvehGNPB2r2rB1bM8jtHBLNPnZACfd7GtVb+PZK/BDENxwXuS 8lZITuy5Ag0EOKzzShAIALEu2sabwfahE2norzx2+jAFn+aBJmZDMWEE0z/WrcNQ rTLXAtJ+mReEADEA/yscRlva2WkhctBic9/bTdXrv4Q6UoX7bs3N2UiqPOeU6YXP jkKlPQSCLmJ68yrKG1YlpjRizQnCZsA1ylBWP3i+KKUkKDEHn/LUHi0dqWVuYsKu sCEFoAxW0WWJ0uxDwXUTFIh+qdSbJ+xbgy/Yx6jL2Mro00n6jjp4qRDPJDjOOmqL 93ieniKziNcXS0sW6f2qFq1nKKQeYB0Ga5vGEWJMFxBbnOvutX1tGnqzeieTBKnn 8KBVwtSVI1ZlEuUYPt+RNIE0pL1af2xC56CNpo6fY3MAAwUIAJ47hbcZNkg5GCic kaktBGs8Gk2fuG33KmlnmQ75oRBeQfaobJ6/xduOQuWHEOZpeyaxVJawu/9FKolN Wsh0IZzN12HUmSCo28OQJw/SLdSnOk20QQmkcfSYAqU07D0yJtruQ7wpKPTUgQi9 ABPw6G5NFpvx3QIH78ikrAZsxOEAOyCtl8dnQphlRXOQJkJDwklZAStrOqzu2DPj ytDWh4OJNsMZvPF/CByeal/Qoh4DzHEVflAF0Bje191whiHMpb4sF5EPg4EdfFd1 LrOio+cqFLFU+Pj2Bk22H38CpbJgDpae3mjVUxP2xuSY3/9f9/OdM9mcC45KJ2ue Vktb+uaITAQYEQIADAUCOKzzSgUJAeEzgAAKCRDt5HtucdAp5L+3AJ9QAJh2IyoW 4hedBTVNW2/mSQG7+wCcDoeJUGJ5TiAHNtd3C1LqnN5FHD0= =Hh08 - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4xvqw7eR7bnHQKeQRAuVHAKCIqavbfh2FivSbqINbJtmd+PhINACfR7aX uWGrcciifWYj4Lrf7tglfco= =4vqx -----END PGP SIGNATURE----- _______________________________________________ TL-Security-Announce mailing list TL-Security-Announceat_private http://www.turbolinux.com/mailman/listinfo/tl-security-announce
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:16 PDT