Subject: Conectiva Linux security announcement - usermode
From: secure@CONECTIVA.COM.BR
Date: Thu Aug 10 2000 - 14:05:51 CDT
----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------
PACKAGE : usermode
SUMMARY : Console users can obtain root privileges
DATE : 2000-08-10
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1, e-commerce
and graphic tools
DESCRIPTION

The usermode package, along with pam_console, allows console users to
execute some privileged commands, like reboot or halt. It is required
that these users have shell and console access and that they provide
their password.

The shutdown command is one of those privileged commands, and console
users can issue this command to switch to runlevel 1, thus obtaining
root privileges.

SOLUTION

All users should upgrade immediately. The new usermode package does not
provide this functionality for the shutdown command anymore. "reboot" and
"halt", among others, are still honored.

Administrators who do not want normal users to be able to execute these
commands at the console should remove the usermode package entirely.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/usermode-1.19-3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/usermode-1.19-3cl.i386.rpm
DIRECT LINK TO THE SOURCE PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/usermode-1.19-3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/usermode-1.19-3cl.src.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be obtained at
http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
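
Added example, not part of Conectiva's advisory: a shell check that lists the commands delegated to console users and flags shutdown, the one the updated package withdraws. It assumes usermode/pam_console keep one file per delegated command in a console.apps directory (default /etc/security/console.apps); the function name and the FLAG/REVIEW labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit commands delegated to
# console users by usermode/pam_console.
# Assumption: one file per delegated command lives in the console.apps
# directory; the default path below is that assumed location.
CONSOLE_APPS_DIR="${CONSOLE_APPS_DIR:-/etc/security/console.apps}"

# audit_console_apps DIR
#   Prints one line per delegated command:
#     FLAG   <cmd>  - shutdown, which the advisory says must no longer be delegated
#     REVIEW <cmd>  - still delegated; confirm console users should have it
#   Returns 0 if shutdown is not delegated, 1 if it is, 2 if DIR is absent.
audit_console_apps() {
    dir="$1"
    found=0
    if [ ! -d "$dir" ]; then
        echo "NONE   no console.apps directory at $dir"
        return 2
    fi
    for entry in "$dir"/*; do
        [ -f "$entry" ] || continue    # also skips the literal glob when DIR is empty
        cmd=$(basename "$entry")
        case "$cmd" in
            shutdown)
                echo "FLAG   $cmd"
                found=1
                ;;
            *)
                echo "REVIEW $cmd"
                ;;
        esac
    done
    return "$found"
}

# Run against the live system only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_console_apps "$CONSOLE_APPS_DIR"
fi
```

A return status of 1 means the host still delegates shutdown and needs the updated package; REVIEW lines are the commands an administrator gives up by removing usermode entirely.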