Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Red Hat 5.x, 6.x: RHSA-2000:117-01 Critical: Bash DoS Attack

Calendar Nov 27, 2000 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service update red hat critical bash exploit bash
The << operator in bash 1.x used predictable filenames, leading to a potentialdenial of service attack. ` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated bash (1.x) packages for Red Hat Linux 5.x, 6.x
available
Advisory ID:       RHSA-2000:117-01
Issue date:        2000-11-27
Updated on:        2000-11-27
Product:           Red Hat Linux
Keywords:          bash bash1 security exploit << denial of service
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Updated bash (1.x) packages for Red Hat Linux 5.x and 6.x, fixing a security
problem, are available.

2. Relevant releases/architectures:

Red Hat Linux 5.0 - i386, alpha, sparc
Red Hat Linux 5.1 - i386, alpha, sparc
Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc

3. Problem description:

The << operator in bash 1.x used predictable filenames, leading to a potential
denial of service attack.

A local user account is required to exploit the security leak.

4. Solution:

For each RPM for your particular architecture, run:



rpm -Fvh [filename]



where filename is the name of the RPM.

5. Bug IDs fixed  ( for more info):

21292 - bash creates insecure tmp files

6. RPMs required:

Red Hat Linux 5.2:

alpha: 

sparc: 

i386: 

sources: 

Red Hat Linux 6.2:

alpha: 

sparc: 

i386: 

sources: 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
e2eba8b1e7a15821046febdff1961508  5.2/SRPMS/bash-1.14.7-23.5x.src.rpm
002c01664380a1f084caf320dd058f3a  5.2/alpha/bash-1.14.7-23.5x.alpha.rpm
da6d41c36fcb4b28f9a4731c6785cb8d  5.2/i386/bash-1.14.7-23.5x.i386.rpm
f28847e9beae06113e58455a5133a1ca  5.2/sparc/bash-1.14.7-23.5x.sparc.rpm
23b421bbc697b9c57a7d413ece9e4df2  6.2/SRPMS/bash-1.14.7-23.6x.src.rpm
19ed96c0935ef630215736d242911c98  6.2/alpha/bash-1.14.7-23.6x.alpha.rpm
9fe492b13c08e7993a918d0395fda486  6.2/i386/bash-1.14.7-23.6x.i386.rpm
1a92e61a4d5c7989b26d687dfe881a5c  6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.
`

Red Hat 5.x, 6.x: RHSA-2000:117-01 Critical: Bash DoS Attack

red hat
Calendar Grey November 27, 2000
Dist Redhat Esm H88
Ubuntu announcement discloses updated kernel components that tackle potential system instability issues arising from repetitive naming conventions.
The << operator in bash 1.x used predictable filenames, leading to a potentialdenial of service attack.

Solution

For each RPM for your particular architecture, run:



rpm -Fvh [filename]



where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

21292 - bash creates insecure tmp files

6. RPMs required:

Red Hat Linux 5.2:

alpha:

sparc:

i386:

sources:

Red Hat Linux 6.2:

alpha:

sparc:

i386:

sources:

7. Verification:

MD5 sum Package Name e2eba8b1e7a15821046febdff1961508 5.2/SRPMS/bash-1.14.7-23.5x.src.rpm 002c01664380a1f084caf320dd058f3a 5.2/alpha/bash-1.14.7-23.5x.alpha.rpm da6d41c36fcb4b28f9a4731c6785cb8d 5.2/i386/bash-1.14.7-23.5x.i386.rpm f28847e9beae06113e58455a5133a1ca 5.2/sparc/bash-1.14.7-23.5x.sparc.rpm 23b421bbc697b9c57a7d413ece9e4df2 6.2/SRPMS/bash-1.14.7-23.6x.src.rpm 19ed96c0935ef630215736d242911c98 6.2/alpha/bash-1.14.7-23.6x.alpha.rpm 9fe492b13c08e7993a918d0395fda486 6.2/i386/bash-1.14.7-23.6x.i386.rpm 1a92e61a4d5c7989b26d687dfe881a5c 6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

Topics%20covered

Topics Covered

security advisory denial of service update red hat critical bash exploit bash

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:117-01
Issue date: 2000-11-27
Updated on: 2000-11-27
Product: Red Hat Linux
Keywords: bash bash1 security exploit << denial of service
Cross references: N/A

Topic

Topics%20covered

Topics Covered

security advisory denial of service update red hat critical bash exploit bash

Relevant Releases Architectures

Red Hat Linux 5.0 - i386, alpha, sparc

Red Hat Linux 5.1 - i386, alpha, sparc

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2EE - i386, alpha, sparc

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here