[sec-adv] Mandrake update for eroaster

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Aug 20 2003 - 02:47:50 CDT


TITLE:
Mandrake update for eroaster

READ ONLINE:
http://www.secunia.com/advisories/9568/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Mandrake Linux 9.x
Mandrake Corporate Server 2.x

DESCRIPTION:
MandrakeSoft has issued updated packages for eroaster. These fix a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

The problem is that eroaster creates a temporary lockfile in an
insecure manner. This can be exploited to overwrite arbitrary files
with the privileges of the user running eroaster.

SOLUTION:
Upgrade automatically using MandrakeUpdate or manually by downloading
the updated packages from one of MandrakeSoft's FTP server mirrors:

http://www.mandrakesecure.net/en/ftp.php

Updated Packages:

Corporate Server 2.1:
381dd0ff7119ea907f3e7c91125ed3d4
corporate/2.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
859fd6b2fe922be90f2594e4b7e0a8f5
corporate/2.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm

Mandrake Linux 9.0:
381dd0ff7119ea907f3e7c91125ed3d4
9.0/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
859fd6b2fe922be90f2594e4b7e0a8f5
9.0/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm

Mandrake Linux 9.1:
24914649a0aefd1733b474e44509baf0
9.1/RPMS/eroaster-2.1.0-6.1mdk.noarch.rpm
859fd6b2fe922be90f2594e4b7e0a8f5
9.1/SRPMS/eroaster-2.1.0-6.1mdk.src.rpm

ORIGINAL ADVISORY:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:083

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------
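
Added example (not part of the Secunia advisory and not eroaster's code): a generic Python illustration of the insecure lockfile creation described under DESCRIPTION, next to an atomic replacement. The function names, file names and the temporary directory standing in for a shared location are all constructed for the demonstration, and a POSIX system is assumed.

```python
import os
import tempfile


def insecure_lock(path):
    """Weak pattern: open() follows a symlink at `path` and truncates its target."""
    with open(path, "w") as fh:
        fh.write(str(os.getpid()))


def secure_lock(path):
    """Create the lock atomically and refuse anything that already exists.

    With O_CREAT | O_EXCL the final path component is never followed, so a
    symlink placed at `path` makes the call fail with EEXIST.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(str(os.getpid()))


def demo():
    """Run both variants against a lock path that is already a symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:  # stands in for a shared directory
        victim = os.path.join(shared, "victim.txt")  # constructed sample file
        lock = os.path.join(shared, "app.lock")      # constructed lock name
        for name, make_lock in (("insecure", insecure_lock), ("secure", secure_lock)):
            with open(victim, "w") as fh:
                fh.write("important data")
            os.symlink(victim, lock)  # lock path already exists as a link
            try:
                make_lock(lock)
                refused = False
            except FileExistsError:
                refused = True
            with open(victim) as fh:
                intact = fh.read() == "important data"
            results[name] = {"refused": refused, "victim_intact": intact}
            os.unlink(lock)
    return results


if __name__ == "__main__":
    for variant, outcome in demo().items():
        print(variant, outcome)
```

Keeping lockfiles in a directory only the owning user can write to removes the precondition entirely; the atomic create covers the case where a shared directory cannot be avoided.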
