Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat Linux 6.1/6.2/7.0 RHSA-2000:080-01 Critical: tmpwatch DoS

red hat
Calendar Grey October 7, 2000
Dist Redhat Esm H88
Critical flaw discovered in tmpwatch affecting Red Hat Linux environments, necessitating immediate corrective actions.
tmpwatch as shipped in Red Hat Linux 6.1, 6.2, and 7.0 uses fork() to recursively process subdirectories, enabling a local user to perform a denial of service attack.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

17286 - tmpwatch run from cron allows locale DoS.


6. RPMs required:

Red Hat Linux 6.2:

alpha:


sparc:


i386:


sources:


Red Hat Linux 7.0:

i386:


sources:


7. Verification:

MD5 sum Package Name b8a670944cc54fd39c9eefb79f147ec1 6.2/SRPMS/tmpwatch-2.6.2-1.6.2.src.rpm 39fe4fbf666e5f9a40503134c05046d8 6.2/alpha/tmpwatch-2.6.2-1.6.2.alpha.rpm 84609abc355fde23ce878e4d310766f8 6.2/i386/tmpwatch-2.6.2-1.6.2.i386.rpm f4625e9bc27af011a614eaa146586917 6.2/sparc/tmpwatch-2.6.2-1.6.2.sparc.rpm b1a9201c44a5f921209c9b648ba85ada 7.0/SRPMS/tmpwatch-2.6.2-1.7.src.rpm 8acf394469c47a98fcc589dd0d73b98c 7.0/i386/tmpwatch-2.6.2-1.7.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Thanks go to Internet Security System's X-Force team (xforce@iss.net) for discovering and documenting the local root exploit. Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:080-01
Issue date: 2000-10-06
Updated on: 2000-10-06
Product: Red Hat Linux
Keywords: tmpwatch, fuser, DoS, fork
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 7.0 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here