RE: [RHSA-2001:165-08] The uuxqt utility can be used to execute arbitrary commands as uucp.uucp

From: John.Aireyat_private
Date: Fri Jan 18 2002 - 03:39:20 PST


    >-----Original Message-----
    >From: bugzillaat_private [mailto:bugzillaat_private]
    >Sent: 17 January 2002 19:14
    >To: redhat-watch-listat_private
    >Cc: bugtraqat_private; linux-securityat_private
    >Subject: [RHSA-2001:165-08] The uuxqt utility can be used to execute
    >arbitrary commands as uucp.uucp
    [snip]
    >3. Problem description:
    >
    >Please note Red Hat Linux 7.2 is not vulnerable to this bug.
    >
    >Please also note that Red Hat Linux 7.2 uses a different locking scheme to
    >previous versions, and so the 7.2 packages should not be applied to Red Hat
    >Linux 7.0 or 7.1 systems.  Use the packages from this errata instead.
    >
    >Conversely, the packages from this errata should not be applied to
    >a Red Hat Linux 7.2 system
    [snip]
    >
    >Red Hat Linux 7.2:
    >
    >SRPMS:
    >ftp://updates.redhat.com/7.2/en/os/SRPMS/uucp-1.06.1-32.src.rpm
    >
    >i386:
    >ftp://updates.redhat.com/7.2/en/os/i386/uucp-1.06.1-32.i386.rpm
    >
    >ia64:
    >ftp://updates.redhat.com/7.2/en/os/ia64/uucp-1.06.1-32.ia64.rpm
    >
    >
    >[final snip]
    
    Can someone please explain this contradictory security notice? If the
    security vulnerability does not apply to RedHat 7.2, why is this listed as
    an affected system together with an update?
    
    Also, why the warning to not apply packages from this errata to RedHat 7.2?
    I assume that means the 7.0 and 7.1 packages, but that isn't made clear.
    
    - 
    John Airey
    Internet systems support officer, ITCSD, Royal National Institute for the
    Blind,
    Bakewell Road, Peterborough PE2 6XU,
    Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Aireyat_private 
    
    Agnostic (Greek) = Ignoramus (Latin)
    
    


