Red Hat, Inc. Security Advisory

Package: usermode, PAM
Synopsis: New version of usermode fixes security bug
Advisory ID: RHSA-2000:001-03
Issue Date: 2000-01-04
Updated on: 2000-01-07
Keywords: root userhelper pam


1. Topic:
A security bug has been discovered and fixed in the userhelper program.

2000-01-07: usermode-1.17 introduced a bug that caused a segmentation fault in userhelper in some configurations, fixed in usermode-1.18.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a dependency problem.

2. Problem description:
A security bug was found in userhelper; the bug can be exploited to provide local users with root access.

The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue.

 

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:
Red Hat Linux 6.1, all architectures

5. Obsoleted by:
None

6. Conflicts with:
None

7. RPMs required:

Intel:

pam-0.68-10.i386.rpm
usermode-1.18-1.i386.rpm

Alpha:

pam-0.68-10.alpha.rpm
usermode-1.18-1.alpha.rpm

SPARC:

pam-0.68-10.sparc.rpm
usermode-1.18-1.sparc.rpm

Source:

pam-0.68-10.src.rpm
usermode-1.18-1.src.rpm

 

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

 

9. Verification:

 MD5 sum                           Package Name
 -------------------------------------------------------------------------
bffd4388103fa99265e267eab7ae18c8  i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881  i386/usermode-1.18-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07  alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee  alpha/usermode-1.18-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675  sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02  sparc/usermode-1.18-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d  SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa  SRPMS/usermode-1.18-1.src.rpm

 
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
About

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.
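
The following script is an added example, not part of the Red Hat advisory: it checks the downloaded RPMs for one architecture against a table in the layout of section 9 before anything is installed. The names check_rpms and make_demo and the good/bad file names are constructed for illustration, and the script assumes the md5sum utility is installed.

```shell
#!/bin/sh
# Added example, not part of the advisory: compare downloaded RPMs with an
# advisory-style table whose data lines read "<md5>  <arch>/<file>".

# check_rpms TABLE DIR ARCH
# Checks every TABLE entry listed under ARCH/ against the file of the same
# name in DIR. Returns 0 only if all of them are present and match.
check_rpms() {
    table=$1; dir=$2; arch=$3; rc=0
    while read -r sum path; do
        # Keep only data lines: a 32-digit lowercase hex sum for this arch.
        case $sum in ''|*[!0-9a-f]*) continue ;; esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in "$arch"/*) ;; *) continue ;; esac
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$table"
    return "$rc"
}

# make_demo: builds constructed stand-in files (not real RPMs) plus a table
# in the advisory's layout, and prints the directory that holds them.
make_demo() {
    d=$(mktemp -d)
    printf 'stand-in package\n' > "$d/good-1.0-1.i386.rpm"
    printf 'altered package\n'  > "$d/bad-1.0-1.i386.rpm"
    good=$(md5sum "$d/good-1.0-1.i386.rpm" | cut -d' ' -f1)
    {
        echo ' MD5 sum                           Package Name'
        echo ' ----------------------------------------------'
        echo "$good  i386/good-1.0-1.i386.rpm"
        echo "00000000000000000000000000000000  i386/bad-1.0-1.i386.rpm"
        echo "$good  alpha/good-1.0-1.alpha.rpm"
    } > "$d/table.txt"
    echo "$d"
}

# Stand-alone run: "sh thisfile --demo" reports one OK and one MISMATCH.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(make_demo)
    check_rpms "$demo_dir/table.txt" "$demo_dir" i386 || echo "do not install"
fi
```

A clean result only shows that the files match the table; the signature check with rpm --checksig described above is still the step that ties the packages to Red Hat's key.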

10. References:
Thanks to dildog@l0pht.com for finding this bug.

 

 

 
