dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Mandrakelinux Advisories: utempter, xchat

Apr 23, 2004, 15:57 (0 Talkback[s])

Mandrakelinux Security Update Advisory


Package name: utempter
Advisory ID: MDKSA-2004:031-1
Date: April 21st, 2004
Original Advisory Date: April 19th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2


Problem Description:

Steve Grubb discovered two potential issues in the utempter program:

  1. If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to.
  2. Several calls to strncpy without a manual termination of the string. This would most likely crash utempter.

The updated packages are patched to correct these problems.

Update:

The second portion of the patch to address the manual termination of the string has been determined to be uneccessary, as well as reducing the length of utmp strings by one character. As such, it has been removed.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233


Updated Packages:

Mandrakelinux 10.0:
20728c199dc84538cc1c1c5db70b6784 10.0/SRPMS/utempter-0.5.2-12.2.100mdk.src.rpm
295d91a84f7495ec66796b06317a6e50 10.0/RPMS/libutempter0-0.5.2-12.2.100mdk.i586.rpm
f6a6a5bff4c46f68f2e2039f88e281b9 10.0/RPMS/libutempter0-devel-0.5.2-12.2.100mdk.i586.rpm
80064975fddb9184eed63988ab8d5144 10.0/RPMS/utempter-0.5.2-12.2.100mdk.i586.rpm

Corporate Server 2.1:
9c88fb56dd2bf5be45b667dd986b6a93 corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm
dc2b4c0b75f5829b01e5711a48575acb corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.i586.rpm
234bf4cd1d11f03999d0389dfb1b92a0 corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.i586.rpm
d8c8193245ee4bb4dd0b29934710d616 corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.i586.rpm

Corporate Server 2.1/x86_64:
9c88fb56dd2bf5be45b667dd986b6a93 x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm
c633f8b5c17c2c2005b7ea2e83f88ad3 x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.x86_64.rpm
68d6d623e6c20493301d78dc51b64ae6 x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.x86_64.rpm
dab90f2133385bf148f104f95031e95b x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.x86_64.rpm

Mandrakelinux 9.1:
d5130114cb6a6eac57b13eb91abfef36 9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm 0593f4150d6eae47c91e844e39b45a98 9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.i586.rpm 9fa7cc39c0f06052be6e6a8a961e2ccd 9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.i586.rpm 0000bb29eff9317cb386eb5674c5f8e3 9.1/RPMS/utempter-0.5.2-10.2.91mdk.i586.rpm

Mandrakelinux 9.1/PPC:
d5130114cb6a6eac57b13eb91abfef36 ppc/9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm
b63ef5b274759fd8c72f1b756b343275 ppc/9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.ppc.rpm
ee58c267af2148950cd8ddf0dbd2829f ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.ppc.rpm
d0d22b0acaa39b6a55763c36fb5ba06c ppc/9.1/RPMS/utempter-0.5.2-10.2.91mdk.ppc.rpm

Mandrakelinux 9.2:
7e74a057a62e7b9b673ce6d67afa7787 9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm
70753671ed9759554caebf40a5e6045c 9.2/RPMS/libutempter0-0.5.2-12.2.92mdk.i586.rpm
ae1cad0a2d1bb89c2311f1a331b3af84 9.2/RPMS/libutempter0-devel-0.5.2-12.2.92mdk.i586.rpm
622767f0ce4824a0d70424932954b5d6 9.2/RPMS/utempter-0.5.2-12.2.92mdk.i586.rpm

Mandrakelinux 9.2/AMD64:
7e74a057a62e7b9b673ce6d67afa7787 amd64/9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm
1b3fe88346c0abc0f964f397c033b234 amd64/9.2/RPMS/lib64utempter0-0.5.2-12.2.92mdk.amd64.rpm
bfc40facd647fe21e22f1753556b3e33 amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.2.92mdk.amd64.rpm
3aa865490f19b372a47e34157bbcdaff amd64/9.2/RPMS/utempter-0.5.2-12.2.92mdk.amd64.rpm

Multi Network Firewall 8.2:
3d1f7e6a11e8d342a625a5f2c849ac98 mnf8.2/SRPMS/utempter-0.5.2-5.2.M82mdk.src.rpm
7b5a0a2804484629e48956f0173bd034 mnf8.2/RPMS/libutempter0-0.5.2-5.2.M82mdk.i586.rpm
e0187ad9c7ab211e1a6a51344da3ec59 mnf8.2/RPMS/libutempter0-devel-0.5.2-5.2.M82mdk.i586.rpm
fe94436a22a4547e9d5b499076b431b9 mnf8.2/RPMS/utempter-0.5.2-5.2.M82mdk.i586.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>


Mandrakelinux Security Update Advisory


Package name: xchat
Advisory ID: MDKSA-2004:036
Date: April 21st, 2004
Affected versions: 10.0, 9.2


Problem Description:

A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in XChat. By default, socks5 traversal is disabled, and one would also need to connect to an attacker's own custom proxy server in order for this to be exploited. Successful exploitation could lead to arbitrary code execution as the user running XChat.

The provided packages are patched to prevent this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0409
http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html


Updated Packages:

Mandrakelinux 10.0:
7b35c6f47155aa2a279ae725f00e1ce6 10.0/RPMS/xchat-2.0.7-6.1.100mdk.i586.rpm
5576b90985a43bf934dffdcac3b8f489 10.0/RPMS/xchat-perl-2.0.7-6.1.100mdk.i586.rpm
82530135e527cd8ac99193368a81c3fb 10.0/RPMS/xchat-python-2.0.7-6.1.100mdk.i586.rpm
0135f544782942c6db5b5394bbc897f5 10.0/RPMS/xchat-tcl-2.0.7-6.1.100mdk.i586.rpm
1f80f67e7f5d26990aea8ec5c6a09f93 10.0/SRPMS/xchat-2.0.7-6.1.100mdk.src.rpm

Mandrakelinux 9.2:
54bc115f40f7e54fcf4a2c4d52f5676b 9.2/RPMS/xchat-2.0.4-7.1.92mdk.i586.rpm
b4762090848984ffc768be8b0eab5296 9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.i586.rpm
372ecbb839019c91a90a206e014eab5b 9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.i586.rpm
79bda0db4e637c2f8517ad380503b139 9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.i586.rpm
4bbadb5f6c4536a353e0e726ba1be312 9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
ec523f612ef1b6f7b8387653c40b0e5b amd64/9.2/RPMS/xchat-2.0.4-7.1.92mdk.amd64.rpm
78a3374d55635a9f746a4c847abec7c6 amd64/9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.amd64.rpm
0960061780b52f51e560905abd24b321 amd64/9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.amd64.rpm
b4985a2e3f5e8d2bc249e6b7cc1d0cd3 amd64/9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.amd64.rpm
4bbadb5f6c4536a353e0e726ba1be312 amd64/9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>