OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Security Update: DoS on gpm
From: Technical Support (supportPHOENIX.CALDERASYSTEMS.COM)
Date: Thu Jul 20 2000 - 11:27:35 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera Systems, Inc. Security Advisory

Subject: DoS on gpm
Advisory number: CSSA-2000-024.0
Issue date: 2000 July, 6
Cross reference:
______________________________________________________________________________

1. Problem Description

   There are security problems within gpm (General Purpose Mouse support
   daemon) which allow removal of system files and also exhibit a local
   denial of service attack.

2. Vulnerable Versions

   System Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3 All packages previous to
                                gpm-1.17.8-5

   OpenLinux eServer 2.3 All packages previous to
   and OpenLinux eBuilder gpm-1.17.8-5

   OpenLinux eDesktop 2.4 All packages previous to
                                gpm-1.19.2-4

3. Solution

   Workaround:

   none

   We recommend our users to upgrade to the new packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       bdcc5caf3e4cf4abb3081ef6e2049a61 RPMS/gpm-1.17.8-5.i386.rpm
       7436e49533e64d7a737c920bbc874299 RPMS/gpm-devel-1.17.8-5.i386.rpm
       f9c19f994238fa507d4e5505ebd78b59 RPMS/gpm-devel-static-1.17.8-5.i386.rpm
       c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -F gpm-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       061e6d50414c0c024547e29c3e1a0737 RPMS/gpm-1.17.8-5.i386.rpm
       79633f3258b8bcbdff2fdd733e262e10 RPMS/gpm-devel-1.17.8-5.i386.rpm
       0fa3527333421bf90f844376ff692d9d RPMS/gpm-devel-static-1.17.8-5.i386.rpm
       c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -F gpm-*.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       3f83840592100ea6a770070e11f4d9d9 RPMS/gpm-1.19.2-4.i386.rpm
       f223771658eef771a5f93b09dc50c281 RPMS/gpm-devel-1.19.2-4.i386.rpm
       7a50dd9a854ed30365cf535850d39420 RPMS/gpm-devel-static-1.19.2-4.i386.rpm
       c43abbdd533ac0d9a247eb13dfbb5bb4 SRPMS/gpm-1.19.2-4.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

            rpm -F gpm-*.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7297.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgement

   Caldera Systems wishes to thank Ian Zimmermann for providing the fix.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5dp+V18sy83A/qfwRAhCfAJ934cwOj+vi8taarVCA1w8jqf33CwCcDss6
I0IGl8DR0aWD4MIRqQsUcaM=
=hoSC
-----END PGP SIGNATURE-----