[TL-Security-Announce] man-1.5g-5 and earlier TLSA2000004-1

From: Jeremiah Johnson (jjohnsonat_private)
Date: Wed Mar 08 2000 - 19:07:17 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ______________________________________________________________________________
    
                            TurboLinux Security Announcement
    
    
            Package:  man-1.5g-5 and earlier
            Date:    Wed Mar  8 14:54:54 PST 2000
    
            Affected TurboLinux versions: TurboLinux 6.0.2 and earlier
            Vulnerability Type:  possible local root compromise
            TurboLinux Advisory ID#:  TLSA2000004-1
            Credits:  This vulnerability was posted to the Bugtraq mailing list
            on February 26, 2000 by Michal Zalewski <lcamtufat_private>.
    ______________________________________________________________________________
    
    A security hole was discovered in the package mentioned above.
    Please update the package in your installation as soon as possible or
    disable the service.
    _____________________________________________________________________________
    
    1. Problem Summary
    
    	The program 'man' is installed setgid man.  Unfortunately, man uses
    	system() for most calls, while most parameters are user dependent.
    	Using environment variables you can overflow a buffer in man and gain
    	man privileges, or possibly root.
    		
    2. Impact
    
    	These problems could let a malicious local user gain the privileges of the user man or root.
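
The Problem Summary describes a set-id program that copies environment values into fixed buffers and passes user-dependent strings to system(). The C below is an added illustration of the hardened form of that pattern, not code from man or from TurboLinux; the variable name EXAMPLE_HELPER, the DEFAULT_HELPER path and all function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define HELPER_MAX 64                    /* fixed buffer size */
#define DEFAULT_HELPER "/usr/bin/less"   /* assumed default, not from the advisory */

/* Copy an environment value into out[outsz]; reject rather than truncate.
 * -1 if unset, empty, too long, relative, or outside the character allowlist. */
int env_path_bounded(const char *name, char *out, size_t outsz)
{
    const char *v = getenv(name);
    size_t n = v ? strlen(v) : 0;
    if (n == 0 || n >= outsz || v[0] != '/') return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && c != '/' && c != '_' && c != '-' && c != '.') return -1;
    }
    memcpy(out, v, n + 1);               /* n + 1 <= outsz, NUL included */
    return 0;
}

/* Ignore the environment entirely when running with set-id privilege. */
const char *choose_helper(char *buf, size_t bufsz)
{
    int elevated = getuid() != geteuid() || getgid() != getegid();
    if (!elevated && env_path_bounded("EXAMPLE_HELPER", buf, bufsz) == 0)
        return buf;
    return DEFAULT_HELPER;
}

/* Run helper with an explicit argv (no shell, unlike system()); the child
 * drops set-id group and user privilege before exec. Returns exit status or -1. */
int run_helper(const char *helper, const char *file)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)file, NULL };
        if (setregid(getgid(), getgid()) || setreuid(getuid(), getuid())) _exit(126);
        execv(helper, argv);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

The group is dropped before the user ID so that the setregid() call is still permitted when both are elevated.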
    
    3. Solution
    
      Update the package from our ftp server by running the following command:
    
      rpm -Uv ftp_path_to_filename
    
      Where ftp_path_to_filename is the following:
    
      ftp://ftp.turbolinux.com/pub/updates/6.0/security/man-1.5h1-1.i386.rpm
    
      The source rpm can be downloaded here:
    
      ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/man-1.5h1-1.src.rpm
    
      **Note: You must rebuild and install the rpm if you choose to download
      and install the srpm.  Simply installing the srpm alone WILL NOT CLOSE THE
      SECURITY HOLE.
    
      Please verify the md5 checksum of the update before you install:
    
      MD5 sum				Package Name
    
    - ----------------------------------------------------------------------------
    91f4921306e75bafd2d45b8f385eed74  man-1.5h1-1.i386.rpm
    347857c4239ceca04889fbac69b41794  man-1.5h1-1.src.rpm
    ______________________________________________________________________________
    
    You can find more updates on our ftp server:
    
      ftp://ftp.turbolinux.com/pub/updates/6.0/security/ for TL6.0 Workstation
    and Server security updates
      ftp://ftp.turbolinux.com/pub/updates/4.0/security/ for TL4.0 Workstation
    and Server security updates
    
    Our webpage for security announcements:
    
      http://www.turbolinux.com/security
    
    If you want to report vulnerabilities, please contact:
      security-rtat_private
    ______________________________________________________________________________
    
    Subscribe to the TurboLinux Security Mailing lists:
    
      TL-security - A moderated list for discussing security issues in
    TurboLinux products. Subscribe at
    http://www.turbolinux.com/mailman/listinfo/tl-security
    
      TL-security-announce - An announce-only mailing list for security
    updates and alerts. Subscribe at
    http://www.turbolinux.com/mailman/listinfo/tl-security-announce
    ______________________________________________________________________________
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.1 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE4xw/y7eR7bnHQKeQRAmNyAJ9tAUP2wMwvfO8EdgNHXjlO5V1hGwCdEDYk
    EILA153/ik+LTEv7QY89CgE=
    =p4dQ
    -----END PGP SIGNATURE-----
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:18 PDT