OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Conectiva Linux security announcement - usermode
From: secureCONECTIVA.COM.BR
Date: Thu Aug 10 2000 - 14:05:51 CDT


----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE : usermode
SUMMARY : Console users can obtain root privileges
DATE : 2000-08-10
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1, e-commerce
                              and graphic tools

DESCRIPTION
The usermode package, along with pam_console, allows console users to
execute some privileged commands, like reboot or halt. It is required
that these users have shell and console access and that they provide
their password.
The shutdown command is one of those privileged commands, and console
users can issue this command to switch to runlevel 1, thus obtaining
root privileges.

SOLUTION
All users should upgrade immediately. The new usermode package does not
provide this funcionality for the shutdown command anymore. "reboot" and
"halt", among others, are still honored.
Administrators who do not want normal users to be able to execute these
commands at the console should remove the usermode package entirely.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/usermode-1.19-3cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/usermode-1.19-3cl.src.rpm

----------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key can be obtained at
http://www.conectiva.com.br/contato

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br