Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat Linux 6.x-7.0 RHSA-2000:075-07 Critical: Usermode Exploit

red hat
Calendar Grey November 10, 2000
Dist Redhat Esm H88
Updated user control modules for Red Hat Linux focusing on mitigating security weaknesses and risks via userhelper privilege adjustments.
Becauseprograms invoked by userhelper are not actually running setuid-root,security measures built into recent versions of glibc are not active.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

18046 - Another security hole in usermode/glibc 19034 - shutdown wrapper references non-existent /usr/sbin/shutdown 20160 - shutdown script contains call to /usr/sbin/shutdown, which doesn't exist 20027 - /usr/sbin/userhelper dies in segmentation fault


6. RPMs required:

Red Hat Linux 6.0:

sparc:


i386:


alpha:


sources:


Red Hat Linux 6.1:

alpha:


sparc:


i386:


sources:


Red Hat Linux 6.2:

alpha:


sparc:


i386:


sources:


Red Hat Linux 7.0:

i386:

sources:

7. Verification:

MD5 sum Package Name 3310677ae7403c683e7947cd86b19344 6.0/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.0/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.0/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.0/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.0/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.0/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.0/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.0/sparc/usermode-1.37-1.6.sparc.rpm 3310677ae7403c683e7947cd86b19344 6.1/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.1/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.1/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.1/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.1/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.1/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.1/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.1/sparc/usermode-1.37-1.6.sparc.rpm 3310677ae7403c683e7947cd86b19344 6.2/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.2/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.2/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.2/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.2/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.2/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.2/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.2/sparc/usermode-1.37-1.6.sparc.rpm ede9b759a01552a261c67ebf0238794a 7.0/SRPMS/usermode-1.37-2.src.rpm c32888b6f362b04f8a3805d4465c042a 7.0/i386/usermode-1.37-2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

N/A Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:075-07
Issue date: 2000-10-05
Updated on: 2000-11-08
Product: Red Hat Linux
Keywords: usermode format-string
Cross references: N/A

Topic

Relevant Releases Architectures

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2EE - i386, alpha, sparc

Red Hat Linux 7.0 - i386

Red Hat Linux 7.0J - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here