Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat Powertools RHSA-2000:122-06 Critical: Diskcheck Race Issue

Calendar Dec 05, 2000 User Avatar LinuxSecurity Advisories
1 - 2 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory critical issue Red Hat Powertools diskcheck race condition system integrity file corruption
A race vulnerability exists in the diskcheck package. ` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          race condition exists in diskcheck
Advisory ID:       RHSA-2000:122-06
Issue date:        2000-12-01
Updated on:        2000-12-08
Product:           Red Hat Powertools
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A race vulnerability exists in the diskcheck package.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 - noarch
Red Hat Powertools 6.1 - noarch
Red Hat Powertools 6.2 - noarch
Red Hat Powertools 7.0 - noarch

3. Problem description:

A race vulnerability exists where a user can replace the tempfile used by
diskcheck with symlinks to other files on the system, making it possible to
corrupt those files.

This update fixes the vulnerability as well as problems with diskcheck
sending mail if /var is on a full partition.

All users should upgrade to the version below.

NOTE: The version of diskcheck shipped in Powertools 7 does not have the
race condition, but should be upgraded to fix the problem with /var
being on a full partition.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

11724 - tempfile has easily guessed name and follows symlinks
21901 - diskcheck sends empty email if filesystem where tmp file is created
fills up


6. RPMs required:

Red Hat Powertools 6.2:

noarch:

sources:

Red Hat Powertools 7.0:

noarch:

sources:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
33ec0067e449f3411982f3280d5b51a7  6.2/SRPMS/diskcheck-3.1.1-12.src.rpm
ad5b2b48440b9ce431bd31b9d28bde92  6.2/noarch/diskcheck-3.1.1-12.noarch.rpm
b7670bab7d16b9903735728c65c1a971  7.0/SRPMS/diskcheck-3.1.1-12.src.rpm
e54d258f082219443106341074cecdbf  7.0/noarch/diskcheck-3.1.1-12.noarch.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

N/A


Copyright(c) 2000 Red Hat, Inc.
`

Red Hat Powertools RHSA-2000:122-06 Critical: Diskcheck Race Issue

red hat
Calendar Grey December 5, 2000
Dist Redhat Esm H88
Improvements made to concurrency management in diskcheck have been established to maintain system integrity and prevent data loss.
A race vulnerability exists in the diskcheck package.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

11724 - tempfile has easily guessed name and follows symlinks 21901 - diskcheck sends empty email if filesystem where tmp file is created fills up


6. RPMs required:

Red Hat Powertools 6.2:

noarch:

sources:

Red Hat Powertools 7.0:

noarch:

sources:

7. Verification:

MD5 sum Package Name 33ec0067e449f3411982f3280d5b51a7 6.2/SRPMS/diskcheck-3.1.1-12.src.rpm ad5b2b48440b9ce431bd31b9d28bde92 6.2/noarch/diskcheck-3.1.1-12.noarch.rpm b7670bab7d16b9903735728c65c1a971 7.0/SRPMS/diskcheck-3.1.1-12.src.rpm e54d258f082219443106341074cecdbf 7.0/noarch/diskcheck-3.1.1-12.noarch.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

Topics%20covered

Topics Covered

security advisory critical issue Red Hat Powertools diskcheck race condition system integrity file corruption

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:122-06
Issue date: 2000-12-01
Updated on: 2000-12-08
Product: Red Hat Powertools
Keywords: N/A
Cross references: N/A

Topic

Topics%20covered

Topics Covered

security advisory critical issue Red Hat Powertools diskcheck race condition system integrity file corruption

Relevant Releases Architectures

Red Hat Powertools 6.0 - noarch

Red Hat Powertools 6.1 - noarch

Red Hat Powertools 6.2 - noarch

Red Hat Powertools 7.0 - noarch

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here