Stay Secure with the Latest Linux Advisories

security advisorycritical issueFedora Core

Fedora Core 2: 2004-154 Critical: Net-Tools Excessive Privilege

netlink_listen & netlink_receive_dump should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces.. Fedora Update Notification FEDORA-2004-154 2004-06-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : net-tools Version : 1.60 Release : 25.1 Summary : Basic networking tools. Description : The net-tools package contains basic networking tools, including ifconfig, netstat, route, and others. --------------------------------------------------------------------- The code in netlink.c is based in part on the code of iproute. It was not updated when CAN-2003-0856 was announced. The code in question is within the netlink_listen & netlink_receive_dump functions. They should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces. These updated packages now contain the latest netplug daemon which fixes that problem. All users of netplug are strongly encouraged to upgrade to these new packages. --------------------------------------------------------------------- * Thu Jun 03 2004 Phil Knirsch 1.60-25.1 - Built FC2 security errata version based on rawhide. * Fri May 14 2004 Phil Knirsch 1.60-27 - Fixed compiler warning/error in netplug. - Updated to netplug-1.2.6 for security update and fixes. * Thu May 06 2004 Phil Knirsch 1.60-26 - Updated netplugd to latest upstream version. - Fixed execshield problem in main.c of netplugd. --------------------------------------------------------------------- This update can be downloaded from: 4d37c3c4484a9d0efe3a3f726072454a SRPMS/net-tools-1.60-25.1.src.rpm caa17b1b3a8a9639afdf2483068e0f12 i386/net-tools-1.60-25.1.i386.rpm 6b9bc4fd68b8c4d9f11403f4f10b9e6e i386/debug/net-tools-debuginfo-1.60-25.1.i386.rpm 1a9523abb0871c1c173d3c1c8ec297a1 x86_64/net-tools-1.60-25.1.x86_64.rpm a1fce7c6d5a0eed37d825f70f89ec53c x86_64/debug/net-tools-debuginfo-1.60-25.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. . A critical vulnerability in net-tools for Fedora Core 2 could allow unauthorized privilege escalation. Users must apply security updates immediately. excessive privilege, net-tools update, Fedora security, network tools patch, vulnerability notification. . Severity: Critical. LinuxSecurity.com Team

Jun 08, 2004 •Critical Fedora