Stay Secure with the Latest Linux Advisories

security advisoryRed Hatsecurity fix

Red Hat 6.1: RHSA-2000:001-03 Moderate: Userhelper Local Access Issue

A security bug was found in userhelper; the bug can be exploited to provide local users with root access.. Package usermode, PAM Synopsis New version of usermode fixes security bug Advisory ID RHSA-2000:001-03 Issue Date 2000-01-04 Updated on 2000-01-07 Keywords root userhelper pam 1. Topic: A security bug has been discovered and fixed in the userhelper program. 2000-01-07: usermode-1.17 introduced a bug that caused a segmentation fault in userhelper in some configurations, fixed in usermode-1.18. 2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a dependency problem. 2. Problem description: A security bug was found in userhelper; the bug can be exploited to provide local users with root access. The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future. 2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue. 3. Bug IDs fixed: (see bugzilla for more information) 4. Relevant releases/architectures: Red Hat Linux 6.1, all architectures 5. Obsoleted by: None 6. Conflicts with: None 7. RPMs required: Intel: pam-0.68-10.i386.rpm usermode-1.18-1.i386.rpm Alpha: pam-0.68-10.alpha.rpm usermode-1.18-1.alpha.rpm SPARC: pam-0.68-10.sparc.rpm usermode-1.18-1.sparc.rpm Source: pam-0.68-10.src.rpm usermode-1.18-1.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of the RPM. 9. Verification: MD5 sum Package Name ------------------------------------------------------------------------- bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm 93d5f7c1316d8b926d3a47d87b28b881 i386/usermode-1.18-1.i386.rpm fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm 1a79bb403ad6d9de6bd205a901a7daee alpha/usermode-1.18-1.alpha.rpm 350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm 068a2d4e465e6c4a33dd1dbdd1a4fa02 sparc/usermode-1.18-1.sparc.rpm f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm dfeca4a416f2d9417dcf739599f580fa SRPMS/usermode-1.18-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename Note that you need RPM > = 3.0 to check GnuPG keys. 10. References: Thanks to This email address is being protected from spambots. You need JavaScript enabled to view it. for finding this bug. . Significant vulnerability in account management fixed in the recent user-level patch for Ubuntu. Urgent installation recommended to strengthen user security.. Red Hat Security, Userhelper Exploit, Access Control Fix. . LinuxSecurity.com Team

Mar 07, 2000 Red Hat