<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:031-1 - Updated utempter packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           utempter
 Advisory ID:            MDKSA-2004:031-1
 Date:                   April 21st, 2004
 Original Advisory Date: April 19th, 2004
 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Steve Grubb discovered two potential issues in the utempter program:
 
 1) If the path to the device contained /../ or /./ or //, the                 
 program was not exiting as it should. It would be possible to use something 
 like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked 
 to another important file, programs that have root privileges that do no 
 further validation can then overwrite whatever the symlink pointed to.
                                                                                
 2) Several calls to strncpy without a manual termination of the string.
 This would most likely crash utempter.
 
 The updated packages are patched to correct these problems.
  
Update:

 The second portion of the patch to address the manual termination of 
 the string has been determined to be uneccessary, as well as reducing the 
 length of utmp strings by one character.  As such, it has been removed.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 20728c199dc84538cc1c1c5db70b6784  10.0/SRPMS/utempter-0.5.2-12.2.100mdk.src.rpm
 295d91a84f7495ec66796b06317a6e50  
10.0/RPMS/libutempter0-0.5.2-12.2.100mdk.i586.rpm
 f6a6a5bff4c46f68f2e2039f88e281b9  
10.0/RPMS/libutempter0-devel-0.5.2-12.2.100mdk.i586.rpm
 80064975fddb9184eed63988ab8d5144  10.0/RPMS/utempter-0.5.2-12.2.100mdk.i586.rpm

 Corporate Server 2.1:
 9c88fb56dd2bf5be45b667dd986b6a93  
corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm
 dc2b4c0b75f5829b01e5711a48575acb  
corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.i586.rpm
 234bf4cd1d11f03999d0389dfb1b92a0  
corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.i586.rpm
 d8c8193245ee4bb4dd0b29934710d616  
corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.i586.rpm

 Corporate Server 2.1/x86_64:
 9c88fb56dd2bf5be45b667dd986b6a93  
x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm
 c633f8b5c17c2c2005b7ea2e83f88ad3  
x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.x86_64.rpm
 68d6d623e6c20493301d78dc51b64ae6  
x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.x86_64.rpm
 dab90f2133385bf148f104f95031e95b  
x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.x86_64.rpm

 Mandrakelinux 9.1:
 d5130114cb6a6eac57b13eb91abfef36  9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm
 0593f4150d6eae47c91e844e39b45a98  
9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.i586.rpm
 9fa7cc39c0f06052be6e6a8a961e2ccd  
9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.i586.rpm
 0000bb29eff9317cb386eb5674c5f8e3  9.1/RPMS/utempter-0.5.2-10.2.91mdk.i586.rpm

 Mandrakelinux 9.1/PPC:
 d5130114cb6a6eac57b13eb91abfef36  
ppc/9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm
 b63ef5b274759fd8c72f1b756b343275  
ppc/9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.ppc.rpm
 ee58c267af2148950cd8ddf0dbd2829f  
ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.ppc.rpm
 d0d22b0acaa39b6a55763c36fb5ba06c  
ppc/9.1/RPMS/utempter-0.5.2-10.2.91mdk.ppc.rpm

 Mandrakelinux 9.2:
 7e74a057a62e7b9b673ce6d67afa7787  9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm
 70753671ed9759554caebf40a5e6045c  
9.2/RPMS/libutempter0-0.5.2-12.2.92mdk.i586.rpm
 ae1cad0a2d1bb89c2311f1a331b3af84  
9.2/RPMS/libutempter0-devel-0.5.2-12.2.92mdk.i586.rpm
 622767f0ce4824a0d70424932954b5d6  9.2/RPMS/utempter-0.5.2-12.2.92mdk.i586.rpm

 Mandrakelinux 9.2/AMD64:
 7e74a057a62e7b9b673ce6d67afa7787  
amd64/9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm
 1b3fe88346c0abc0f964f397c033b234  
amd64/9.2/RPMS/lib64utempter0-0.5.2-12.2.92mdk.amd64.rpm
 bfc40facd647fe21e22f1753556b3e33  
amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.2.92mdk.amd64.rpm
 3aa865490f19b372a47e34157bbcdaff  
amd64/9.2/RPMS/utempter-0.5.2-12.2.92mdk.amd64.rpm

 Multi Network Firewall 8.2:
 3d1f7e6a11e8d342a625a5f2c849ac98  
mnf8.2/SRPMS/utempter-0.5.2-5.2.M82mdk.src.rpm
 7b5a0a2804484629e48956f0173bd034  
mnf8.2/RPMS/libutempter0-0.5.2-5.2.M82mdk.i586.rpm
 e0187ad9c7ab211e1a6a51344da3ec59  
mnf8.2/RPMS/libutempter0-devel-0.5.2-5.2.M82mdk.i586.rpm
 fe94436a22a4547e9d5b499076b431b9  
mnf8.2/RPMS/utempter-0.5.2-5.2.M82mdk.i586.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAhvQvmqjQ0CJFipgRApDdAJ4kEeNNdqpcnvIHVnNQwTMTgV82zwCeJI2d
CPruJjkPeKUUTT+62rRib4U=
=oJ1E
-----END PGP SIGNATURE-----