> DESCRIPTION:
> I found a buffer overflow vulnerability on the /usr/bin/dsh (dqs 3.2.7
> package).
>
> I really don't know if this bug was discovered already. If that's right,
> then sorry =).

No, this is yet unknown to securityat_private

> If a long line on the first argument is given, the program gives a SIGSEGV
> signal.
>
> This bug was reported to Drake Diedrich, Maintainer for dqs
> (Drake.Diedrichat_private).
>
> AFFECTED:
> SuSE 6.3, 6.4, 7.0 have the dqs 3.2.7 by default and then they are
> vulnerable, maybe others.

I confirm this vulnerability and that dqs has the setuid bit on the file
/usr/bin/dsh, but the package (as a package in the clustering series) is
not installed by default.
The fix (to remove the suid bit) is correct. If you have selected to set
the variable PERMISSION_SECURITY in /etc/rc.config to "secure local" in
SuSE-7.1 (recommended for security-enhanced settings), you are not
vulnerable.
On SuSE-7.1, in addition to the chmod command below, change the files
/etc/permissions.*, too, to reflect the removed suid bit.

If you do not need the dqs package, simply remove it using the command
  rpm -e dqs

Of course, we will provide update packages as soon as possible.

> FIX:
> Remove the SUID permission
> |root@netdex /root|# ls -la /usr/bin/dsh
> -rwsr-xr-x 1 root root 502748 May 18 00:36 /usr/bin/dsh
> |root@netdex /root|# chmod -s /usr/bin/dsh
> |root@netdex /root|# ls -la /usr/bin/dsh
> -rwxr-xr-x 1 root root 502748 May 18

Regards,
Roman Drahtmüller,
SuSE Security.
-- 
| Roman Drahtmüller <drahtat_private>   "Caution: Cape does not
| SuSE GmbH - Security                   enable user to fly."
| Nürnberg, Germany                      (Batman Costume warning label)
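
A way to verify both parts of the fix described in the mail above (the suid bit removed from /usr/bin/dsh and from the /etc/permissions.* files), as an added example that is not part of the original message. It assumes the permissions files hold `path owner.group mode` lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original mail): verify the dsh mitigation.
# Assumption: permissions files hold "path owner.group mode" lines.

# Succeeds if FILE still carries the setuid or setgid bit.
has_suid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Print every entry for TARGET in the given permissions files whose octal
# mode still grants setuid/setgid (special-bits digit >= 2).
suid_entries() {
    target=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v t="$target" -v f="$f" '
            $1 == t && $3 ~ /^[0-7]+$/ && length($3) >= 4 {
                d = substr($3, length($3) - 3, 1) + 0
                if (d >= 2) print f ": " $0
            }' "$f"
    done
}

# Report both conditions; non-zero exit means the mitigation is incomplete.
check_dsh() {
    bin=$1; shift
    rc=0
    if has_suid "$bin"; then
        echo "FAIL: $bin is still setuid/setgid"; rc=1
    fi
    stale=$(suid_entries "$bin" "$@")
    if [ -n "$stale" ]; then
        echo "FAIL: permissions entries still list a setuid/setgid mode:"
        echo "$stale"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no setuid bit on $bin or in permissions files"
    return "$rc"
}

# Usage: sh check_dsh.sh /usr/bin/dsh /etc/permissions /etc/permissions.*
[ "$#" -eq 0 ] || check_dsh "$@"
```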