Red Hat 6.2 RHSA-2000:048-02 Critical: Mailx Local Access Exploit

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

15625 - Root exploit alread posted on bugtraq 15630 - Root exploit in sperl 15641 - suidperl has a major problem

6. RPMs required:

Red Hat Linux 5.0, 5.1, 5.2:

sparc:

alpha:

i386:

sources:

Red Hat Linux 6.0, 6.1, 6.2:

sparc:

i386:

alpha:

sources:

7. Verification:

MD5 sum Package Name c514911db4ce13fc32af5b59233d5dc9 5.2/SRPMS/mailx-8.1.1-16.src.rpm 7440313c13c65142c75e35d32b5807c3 5.2/SRPMS/perl-5.004m7-2.src.rpm 430fca595dd42648239b8ad475032c9c 5.2/alpha/mailx-8.1.1-16.alpha.rpm 876b94f7d4fd4d92142f44de51045591 5.2/alpha/perl-5.004m7-2.alpha.rpm fd9d44b8aeadc36bd871dd8e2d6211c4 5.2/i386/mailx-8.1.1-16.i386.rpm 0a1f47cacb891c03b351211d4fe825ed 5.2/i386/perl-5.004m7-2.i386.rpm 376f28398c607b4af12d06babbd7e098 5.2/sparc/mailx-8.1.1-16.sparc.rpm 24e61c42e5a22dbbc929264a1ddc3869 5.2/sparc/perl-5.004m7-2.sparc.rpm 30d2f82abfba4ac2c770b66c591d528f 6.2/SRPMS/mailx-8.1.1-16.src.rpm 5cfe855e78b1ed7672e4daa738093f2c 6.2/SRPMS/perl-5.00503-11.src.rpm 25497e13b1d30f3dcff365602f78208a 6.2/alpha/mailx-8.1.1-16.alpha.rpm 452714b1ddfd479cb683b21ca54d27a3 6.2/alpha/perl-5.00503-11.alpha.rpm c121c2076bae78f42afcf9f0357549b9 6.2/i386/mailx-8.1.1-16.i386.rpm ff573609cbe0de0fe72838b0139992da 6.2/i386/perl-5.00503-11.i386.rpm 6464e30268ba05a2ca938b38805a9256 6.2/sparc/mailx-8.1.1-16.sparc.rpm fa63980aed3bdd2c9c14dcca6745c56c 6.2/sparc/perl-5.00503-11.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg