Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Red Hat Powertools 6.1 RHSA-2000:005-05 Critical: Majordomo Exec Threat

red hat
Calendar Grey May 31, 2000
Dist Redhat Esm H88
Critical elevate privilege issues within Majordomo have been resolved through updated packages, essential for protection.
A vulnerability in resend and wrapper will allow execution of arbitrary commands with elevated privileges.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Once the package is installed, become "root" and execute this command:

chmod o-x /usr/lib/majordomo/wrapper

5. Bug IDs fixed ( for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.1:

intel:

alpha:

sparc:

sources:

7. Verification:

MD5 sum Package Name ad994a1742d90a593b8ecfbf52634cd7 6.1/SRPMS/majordomo-1.94.5-2.src.rpm 8c829a13c2229060c899ffdc7e7db38c 6.1/alpha/majordomo-1.94.5-2.alpha.rpm f0e22f364abcbe4c217f2b8eb180037d 6.1/i386/majordomo-1.94.5-2.i386.rpm 89e327c6c92acc97db34e541f34c0c67 6.1/sparc/majordomo-1.94.5-2.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in resend, to Shevek at shevek@anarres.org and Olaf Kirch at okir@monad.swb.de for noting the vulnerability in the wrapper. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:005-05
Issue date: 2000-01-20
Updated on: 2000-05-31
Product: Red Hat Powertools
Keywords: majordomo
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Powertools 6.1 - i386 alpha sparc

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.