From: Greg KH (greg@wirex.com)
Date: Wed Jan 10 2001 - 14:12:05 CST


    -----------------------------------------------------------------------
            Immunix OS Security Advisory Summary

    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-028-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a large number of potential temp file race problems in many
      different programs. These came to light due to the "new" linker
      warning message in glibc whenever mktemp(), tempname() or other
      insecure temp file generation functions are used.
      
      This summary message encompasses 12 different packages that we have
      released updates for, in order to cut down on the number of separate
      email messages that people get.
      
      The packages and versions affected are:
            apache 1.3.14 and also 2.0a9, the htpasswd and htdigest helper programs
            tcpdump arpwatch version 2.1a4
            squid 2.3 STABLE and 2.4
            linuxconf 1.19r through 1.23r, the vpop3d program
            mgetty 1.1.22 and 1.1.23
            gpm 1.19.3
            wu-ftpd 2.6.1, the privatepw program
            inn 2.2.3
            diffutils 2.7, the sdiff program
            getty_ps 2.0.7j
            rdist 6.1.5
            shadow-utils 19990827 and 20000902, the useradd program

      Note that Immunix Linux 7.0 is based on RedHat 7.0, so it is also
      affected by all of these same problems. Other Linux distros are also
      probably affected by some of these problems.
      
      If anyone wants the specific patch used to fix these problems, or
      wants a more detailed explanation of any of the problems, please feel
      free to ask me.
      
      Thanks go out to Steve Beattie, Chris Wright and Matt Barringer, who
      all did audits and helped with the patches, and to our boss, Crispin
      Cowan, for working to convince WireX management that it was worth our
      time to help fix these problems. Also to all of the maintainers who
      responded so quickly with patches and were willing to listen to
      potential problems, a big thanks (the mgetty author, Gert Doering,
      deserves a special thanks for being so helpful in fixing stuff.)
      
      And I don't think this is the last of the temp file creation problems
      by any means :)

      Online versions of all Immunix 7.0-beta updates and advisories can be
      found at http://www.immunix.org/ImmunixOS/7.0-beta/updates/

    More details:

    -----------------------------------------------------------------------
    Packages updated: apache
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1308
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-016-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the apache helper
      programs, htdigest and htpasswd. We notified the apache development
      team but never received a response.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      these problems.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/apache-1.3.14-3_StackGuard_5.src.rpm

    md5sums of the packages:
      f7cf8f975ae0d9700ab275040b59168a apache-1.3.14-3_StackGuard_5.i386.rpm
      52d8c4b1e793aad728d4ef89223cf2b2 apache-devel-1.3.14-3_StackGuard_5.i386.rpm
      55b4d805b6004795143d40ba3dad85b8 apache-manual-1.3.14-3_StackGuard_5.i386.rpm
      7b760f570e40ca35ad46d9c4171e64b9 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
      00dfbcd0d515a70c761ac2e362aae56a apache-1.3.14-3_StackGuard_5.src.rpm

    -----------------------------------------------------------------------
    Packages updated: arpwatch
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1309
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-017-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the arpwatch program
      which is a part of the tcpdump package. This problem had been fixed
      in a more recent version of the arpwatch program.

      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/arpwatch-2.1a10-29_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/libpcap-0.4-29_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/tcpdump-3.4-29_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/tcpdump-3.4-29_StackGuard_2.src.rpm

    md5sums of the packages:
      0dbf7ba916618809d9e6cecd48a74e42 arpwatch-2.1a10-29_StackGuard_2.i386.rpm
      16554cd2e79f2adc5221cd2edaeacfdc libpcap-0.4-29_StackGuard_2.i386.rpm
      2a8f01d35f934ad2d0a32bb7cfa4862e tcpdump-3.4-29_StackGuard_2.i386.rpm
      ac2c2043e98c42a14f0dc057cb65db49 tcpdump-3.4-29_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: squid
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1310
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-018-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the way that the squid
      package sends out email notifying the admin about updating the
      program. This usually only happens if you are running a development
      version of squid, or if the clock on your system is incorrect.
      
      The squid maintainers have applied a patch to fix this, which can be
      found in the latest version of both the development and stable
      releases of squid. Thanks go out to them for responding so quickly.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/squid-2.3.STABLE4-1_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/squid-2.3.STABLE4-1_StackGuard_2.src.rpm

    md5sums of the packages:
      93582c5f73e270f9a83782e9baad3391 squid-2.3.STABLE4-1_StackGuard_2.i386.rpm
      8f8edf4295f4edce2af8a32df6a3348f squid-2.3.STABLE4-1_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: linuxconf
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1311
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-019-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the vpop3d program in
      the linuxconf package.
      
      The linuxconf maintainers have applied a patch to fix this, and have
      made a new release with this fix in it. Thanks go out to them for
      responding so quickly.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-1.19r2-4_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/linuxconf-1.19r2-4_StackGuard_2.src.rpm

    md5sums of the packages:
      89ca758bceb7e2b97c0da2997c63a8f6 linuxconf-1.19r2-4_StackGuard_2.i386.rpm
      4db4d6d89a438dbf421b6e5030f234cd linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm
      3422438e1fec2e8ef880696e616cd833 linuxconf-1.19r2-4_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: mgetty
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1312
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-020-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the mgetty program.
      
      The mgetty maintainer has applied a patch to fix this, and has made a
      new release with this fix in it. Thanks go out to him for responding
      so quickly.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-1.1.24-1_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/mgetty-1.1.24-1_StackGuard_2.src.rpm

    md5sums of the packages:
      ddf613be0fed657c4a4dc0f1b9376486 mgetty-1.1.24-1_StackGuard_2.i386.rpm
      700b540da49532efea426ee84af6bcff mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm
      ed1f381a8ce63c20dcdc23b2373ed4aa mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm
      402e3d274f41e9405c5dac854a890884 mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm
      7e60d99ce1cf12da1b1671b72dc893bc mgetty-1.1.24-1_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: gpm
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1313
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-021-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the gpm program.
      
      The gpm package is currently unmaintained, but the author has placed a
      patch to fix this in the updates directory for the gpm program.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-1.19.3-4_StackGuard_2.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-devel-1.19.3-4_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/gpm-1.19.3-4_StackGuard_2.src.rpm

    md5sums of the packages:
      657dfa541b202e011b823e68944e4e28 gpm-1.19.3-4_StackGuard_2.i386.rpm
      b8a37d6220b262636e9df9e24f81f36b gpm-devel-1.19.3-4_StackGuard_2.i386.rpm
      52a25925229d052ffe68c109d42350fb gpm-1.19.3-4_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: wu-ftpd
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1314
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-022-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the privatepw helper
      program in the wu-ftpd package.
      
      The maintainers of the wu-ftpd package have placed a patch to fix this
      on their ftp site. Thanks go out to them for responding so quickly.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/wu-ftpd-2.6.1-6_StackGuard_2.src.rpm

    md5sums of the packages:
      0259bb98f5f81b87f39504f748818a3f wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
      b941f7411d925af70405ba10fd1c3db3 wu-ftpd-2.6.1-6_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: inn
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1315
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-023-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the inn program. This
      is partly due to the way that the inn program is compiled and set up
      on Immunix Linux, and partly due to the lack of information in the inn
      program detailing potential security problems if you do not tell inn
      to use a private temporary directory. We have applied a patch that
      creates temporary files safely for inn, AND moved all temp file
      creation by inn into its own private directory, which should solve
      this problem.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0 beta are available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inews-2.2.3-3_StackGuard_3.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-2.2.3-3_StackGuard_3.i386.rpm
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-devel-2.2.3-3_StackGuard_3.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/inn-2.2.3-3_StackGuard_3.src.rpm

    md5sums of the packages:
      ead2af814ce19919c1b9f3a5cb6db853 inews-2.2.3-3_StackGuard_3.i386.rpm
      feea622aca6a5b217e42f11df025fa90 inn-2.2.3-3_StackGuard_3.i386.rpm
      0fe0bad19dcde112b83e803023b85c9f inn-devel-2.2.3-3_StackGuard_3.i386.rpm
      25676fde907a0b71f665512bdf1b2aa8 inn-2.2.3-3_StackGuard_3.src.rpm

    -----------------------------------------------------------------------
    Packages updated: diffutils
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1316
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-024-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the sdiff program within
      the diffutils package.
      
      A patch has been applied that fixes this problem, and the maintainers
      assure us that an updated release of the diffutils package will occur
      in the future with this problem solved.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/diffutils-2.7-21_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/diffutils-2.7-21_StackGuard_2.src.rpm

    md5sums of the packages:
      af961df849ad223552a8dbc59f768cc9 diffutils-2.7-21_StackGuard_2.i386.rpm
      c1e02bb7f3bd0519844edd8cbd8e34ea diffutils-2.7-21_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: getty_ps
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1317
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-025-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the getty_ps program.
      
      A patch has been applied that fixes this problem; however, the
      maintainer of the program never responded to our email message about
      this problem.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/getty_ps-2.0.7j-12_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/getty_ps-2.0.7j-12_StackGuard_2.src.rpm

    md5sums of the packages:
      ebe7518773d6598ef520233236488b7a getty_ps-2.0.7j-12_StackGuard_2.i386.rpm
      22576dbf9d22ee4bb16811bddc9abd00 getty_ps-2.0.7j-12_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: rdist
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1318
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-026-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the rdist program.
      
      The maintainer has been notified of this problem, and will release an
      update sometime in the future fixing this. A patch has been applied
      to our package that fixes the problem now.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/rdist-6.1.5-14_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/rdist-6.1.5-14_StackGuard_2.src.rpm

    md5sums of the packages:
      b4bb7dfa02cd2d5e3607295a030e3c48 rdist-6.1.5-14_StackGuard_2.i386.rpm
      1a4209df60484be6792b8938b9649a5d rdist-6.1.5-14_StackGuard_2.src.rpm

    -----------------------------------------------------------------------
    Packages updated: shadow-utils
    Affected products: Immunix OS 7.0-beta
    Bugs Fixed: immunix/1319
    Date: January 10, 2000
    Advisory ID: IMNX-2000-70-027-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      In an internal audit conducted while preparing Immunix Linux 7.0 we
      noticed a potential temp file race problem in the useradd program
      within the shadow-utils package. The useradd program creates its temp
      files in the protected directory /etc/default, but if this directory
      is changed to world writable, a problem could occur.
      
      The maintainer has been notified of this problem, and will release an
      update sometime in the future fixing this. A patch has been applied
      to our package that fixes this very minor problem now.
      
      Packages have been created and released for Immunix 7.0 beta to fix
      this problem.

    Package names and locations:
      Precompiled binary package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/shadow-utils-19990827-18_StackGuard_2.i386.rpm

      Source package for Immunix 7.0 beta is available at:
        http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/shadow-utils-19990827-18_StackGuard_2.src.rpm

    md5sums of the packages:
      e72dbcf083d4de74ca37411e3e0901bc shadow-utils-19990827-18_StackGuard_2.i386.rpm
      39524e6160e402d4d1997f408c0846a0 shadow-utils-19990827-18_StackGuard_2.src.rpm
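    As an added illustration (not code from the advisory or from any of the
    patched packages) of the race class the summary describes and of the
    directory caveat in the shadow-utils note above: the name-then-open
    pattern that glibc's linker warning targets, beside the O_EXCL and
    mkstemp() forms, plus a check that a directory a program trusts is still
    private. Function names and the demo paths under /tmp are constructed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: pick a name first (mktemp()/tmpnam() style), then open it
 * without O_EXCL. Whatever sits at that path by the time open() runs,
 * including a symlink planted by another local user, is followed and
 * truncated. This is the pattern glibc's link warning flags. */
int racy_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form for a fixed name: create and open in one step, failing
 * with EEXIST if anything is already there; O_NOFOLLOW covers symlinks. */
int exclusive_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred when the name need not be predictable: mkstemp() does the
 * O_EXCL open itself. tmpl must end in XXXXXX and receives the name. */
int random_tempfile(char *tmpl) {
    return mkstemp(tmpl);
}

/* Check in the spirit of the shadow-utils note: /etc/default only protects
 * useradd's temp files while it stays non-writable to others. Returns 1 if
 * dir exists, is owned by us or root, and has no group/other write bit. */
int dir_is_private(const char *dir) {
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != geteuid() && st.st_uid != 0) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Walk the scenario in a fresh directory (constructed demo paths). Returns
 * 0 when every step behaves as described above, else the failing step. */
int race_demo(void) {
    char dir[] = "/tmp/imnx.XXXXXX", path[128], tmpl[128];
    int fd;
    if (mkdtemp(dir) == NULL) return 1;
    if (!dir_is_private(dir)) return 2;
    snprintf(path, sizeof path, "%s/work.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/work.XXXXXX", dir);
    /* stand-in for an entry someone else left at the predictable name */
    if ((fd = open(path, O_WRONLY | O_CREAT, 0600)) < 0) return 3;
    close(fd);
    /* the racy open "succeeds": it writes into whatever was planted */
    if ((fd = racy_create(path)) < 0) return 4;
    close(fd);
    /* O_EXCL refuses instead, which is the whole point of the fix */
    if (exclusive_create(path) != -1 || errno != EEXIST) return 5;
    unlink(path);
    if ((fd = exclusive_create(path)) < 0) return 6;
    close(fd); unlink(path);
    if ((fd = random_tempfile(tmpl)) < 0) return 7;
    close(fd); unlink(tmpl);
    /* loosen the directory: the "protected" assumption no longer holds */
    if (chmod(dir, 0777) != 0 || dir_is_private(dir)) return 8;
    rmdir(dir);
    return 0;
}

int main(void) {
    printf("race_demo returned %d (0 = all steps as expected)\n", race_demo());
    return 0;
}
```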


    _______________________________________________
    Stackguard mailing list
    Stackguard@mail.wirex.com
    http://mail.wirex.com/mailman/listinfo/stackguard