Package usermode, PAM
Synopsis New version of usermode fixes security bug
Advisory ID RHSA-2000:001-03
Issue Date 2000-01-04
Updated on 2000-01-07
Keywords root userhelper pam


1. Topic:
A security bug has been discovered and fixed in the userhelper program.

2000-01-07: usermode-1.17 introduced a bug that caused a segmentation fault in userhelper in some configurations, fixed in usermode-1.18.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a dependency problem.

2. Problem description:
A security bug was found in userhelper; the bug can be exploited to provide local users with root access.

The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue.

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:
Red Hat Linux 6.1, all architectures

5. Obsoleted by:
None

6. Conflicts with:
None

7. RPMs required:

Intel:

pam-0.68-10.i386.rpm
usermode-1.18-1.i386.rpm

Alpha:

pam-0.68-10.alpha.rpm
usermode-1.18-1.alpha.rpm

SPARC:

pam-0.68-10.sparc.rpm
usermode-1.18-1.sparc.rpm

Source:

pam-0.68-10.src.rpm
usermode-1.18-1.src.rpm

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


 MD5 sum                           Package Name

 -------------------------------------------------------------------------
bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881  i386/usermode-1.18-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee  alpha/usermode-1.18-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02  sparc/usermode-1.18-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa  SRPMS/usermode-1.18-1.src.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
About

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.

10. References:
Thanks to dildog@l0pht.com for finding this bug.

RedHat: userhelper vulnerability

A security bug was found in userhelper; the bug can be exploited to provide local users with root access.

Summary



Summary

A security bug was found in userhelper; the bug can be exploited toprovide local users with root access.

The bug has been fixed in userhelper-1.17, and pam-0.68-10 has beenmodified to help prevent similar attacks on other software in the future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue.

3. Bug IDs fixed: (see bugzilla for more information)


Solution



For each RPM for your particular architecture, run:


rpm -Uvh filename


where filename is the name of the RPM.

9. Verification:


 MD5 sum                           Package Name

bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881  i386/usermode-1.18-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee  alpha/usermode-1.18-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02  sparc/usermode-1.18-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa  SRPMS/usermode-1.18-1.src.rpm


These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
About

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.








References

Thanks to dildog@l0pht.com for finding this bug.

Package List


Severity

Topic


Topic

A security bug has been discovered and fixed in the userhelper program.

2000-01-07: usermode-1.17 introduced a bug that caused a segmentation

fault in userhelper in some configurations, fixed in

usermode-1.18.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix

a dependency problem.


 

Relevant Releases Architectures

Red Hat Linux 6.1, all architectures

5. Obsoleted by:

None

6. Conflicts with:

None

7. RPMs required:

Intel:

pam-0.68-10.i386.rpm

usermode-1.18-1.i386.rpm

Alpha:

pam-0.68-10.alpha.rpm

usermode-1.18-1.alpha.rpm

SPARC:

pam-0.68-10.sparc.rpm

usermode-1.18-1.sparc.rpm

Source:

pam-0.68-10.src.rpm

usermode-1.18-1.src.rpm


Bugs Fixed


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved