-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-securityat_private openpkgat_private OpenPKG-SA-2002.007 30-Jul-2002 ________________________________________________________________________ Package: mm Vulnerability: local root exploit OpenPKG Specific: no Affected Releases: OpenPKG 1.0 OpenPKG CURRENT Affected Packages: <= mm-1.1.3-1.0.0 <= mm-1.1.3 Corrected Packages: >= mm-1.1.3-1.0.1 >= mm-1.2.0 Dependent Packages: apache apache Description: Marcus Meissner and Sebastian Krahmer discovered a race condition on creating temporary files in the OSSP mm library. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2002-0658 [5] to the problem. The bug affects all programs which are linked with OSSP mm. This may allow an attacker to conduct a local root exploit. OSSP mm is often used in Apache setups using mod_ssl and/or mod_php. Here the vulnerability can be exploited to obtain root privilege if shell access to the Apache run-time user is already obtained. Please check whether you are affected by running "<prefix>/bin/rpm -q mm". If you have the "mm" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution). Additionally, we recommend that you rebuild and reinstall all dependent OpenPKG packages, too. [2] Solution: Select the updated source RPM appropriate for your OpenPKG release [4], fetch it from the OpenPKG FTP service [3] or a mirror location, verify its integrity [1], build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM [2]. For the latest OpenPKG 1.0 release, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/1.0/UPD ftp> get mm-1.1.3-1.0.1.src.rpm ftp> bye $ <prefix>/bin/rpm --checksig mm-1.1.3-1.0.1.src.rpm $ <prefix>/bin/rpm --rebuild mm-1.1.3-1.0.1.src.rpm $ su - # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/mm-1.1.3-1.0.1.*.rpm Now proceed and rebuild and reinstall all dependent OpenPKG packages, too. [6] ________________________________________________________________________ References: [1] http://www.openpkg.org/security.html#signature [2] http://www.openpkg.org/tutorial.html#regular-source [3] ftp://ftp.openpkg.org/release/1.0/UPD/ [4] ftp://ftp.openpkg.org/release/1.0/UPD/mm-1.1.3-1.0.1.src.rpm [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658 [6] ftp://ftp.openpkg.org/release/1.0/UPD/apache-1.3.22-1.0.4.src.rpm ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <openpkgat_private>" (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For instance, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <openpkgat_private> iEYEARECAAYFAj1GjiIACgkQgHWT4GPEy5+dRwCdGCpZ3TCpxh39dB0ZgbieXvLd QiQAoOUJCijAwnAaHGdf/cVC3RhFDISy =LA85 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 07:27:01 PDT