|
| Current Newswire:
SuSE Security Announcement: screenSep 06, 2000, 19:05 (0 Talkback[s])(Other stories by Roman Drahtmueller) Date: Wed, 6 Sep 2000 19:38:20 +0200
SuSE Security Announcement
Package: screen
Date: Wednesday, September 6th, 2000 19:35 MEST
Affected SuSE versions: 5.3, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 8
SuSE default package: yes
Other affected systems: all linux systems with the screen program
installed suid root
Content of this advisory:
1) security vulnerability resolved: screen
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, temporary workarounds
3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information screen, a tty multiplexer, is installed suid root by default on SuSE Linux distributions. By supplying a thoughtfully designed string as the visual bell message, local users can obtain root privilege. Exploit information has been published on security forums. The temporary workaround for this problem would be to remove the suid bit from /usr/bin/screen*. This also requires mode changes in the /tmp/screens directory where the pipes for communication between the client and server part of screen are placed upon start of screen. SuSE provides an update for the vulnerable screen package. It is strongly recommended to upgrade to the latest version found on our ftp server as described below. The update packages remove all currently known security problems in the glibc package. Download the update package from locations desribed below and
install the package with the command `rpm -Fhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command i386 Intel Platform: SuSE-7.0 SuSE-6.4 SuSE-6.3 SuSE-6.2 SuSE-6.1 SuSE-6.0 SuSE-5.3 Sparc Platform: SuSE-7.0 AXP Alpha Platform: SuSE-6.4 SuSE-6.3 SuSE-6.1 PPC Power PC Platform: SuSE-6.4 SuSE-6.3 2) Pending vulnerabilities in SuSE Distributions and Workarounds: This section addresses currently known vulnerabilities in Linux/Unix systems that have not been resolved yet as of the release date of this advisory. - zope SuSE distributions before 7.0 do not contain zope as a package. An updated package for the freshly released SuSE-7.0 is on the way. - xchat A fix for the URL handler vulnerabilty is in progress and will be released within a few days. There is currently no effective and easy workaround other than removing the package by hand (`rpm -e xchat'). More information on xchat can be found in xchat's documentation directory /usr/doc/packages/xchat or /usr/share/doc/packages/xchat for SuSE-7.0. 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com suse-security-announce@suse.com For general information or the frequently asked questions (faq)
send mail to: SuSE's security contact is security@suse.com. Regards, - - | Roman Drahtmüller draht@suse.de // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
|
