Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Gentoo Linux Advisories: man, mysql

Mar 19, 2003, 02:46 (0 Talkback[s])

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-14
- - ---------------------------------------------------------------------

          PACKAGE : mysql
          SUMMARY : remote root exploit
             DATE : 2003-03-18 18:12 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <3.23.56
    FIXED VERSION : >=3.23.56
              CVE : 

- - ---------------------------------------------------------------------

"This issue has been adressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.

In particular, MySQL will no longer read config files that are
world-writeable (and SELECT ... OUTFILE always creates world-writeable
files). Also, unlike other options, for --user option the first one will
have the precedence. So if --user is set in /etc/my.cnf (as it is
recommended in the manual), datadir/my.cnf will not be able to override
it."

quote from:
http://marc.theaimsgroup.com/?l=bugtraq&m=104739810523433&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-db/mysql upgrade to mysql-3.23.56 as follows:

emerge sync
emerge mysql
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-13
- - ---------------------------------------------------------------------

          PACKAGE : man
          SUMMARY : arbitrary code execution
             DATE : 2003-03-18 18:03 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <1.5l
    FIXED VERSION : >=1.5l
              CVE : CAN-2003-0124

- - ---------------------------------------------------------------------

- From advisory:

"man 1.5l was released today, fixing a bug which results in arbitrary code
execution upon reading a specially formatted man file. The basic problem
is, upon finding a string with a quoting problem, the function my_xsprintf
in util.c will return "unsafe" (rather than returning a string which could
be interpreted by the shell). This return value is passed directly to
system(3) - meaning if there is any program named `unsafe`, it will execute
with the privs of the user."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/man upgrade to man-1.5l as follows:

emerge sync
emerge man
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------