+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                    May 29, 2001 |
| http://www.engardelinux.org/                           ESA-20010529-01 |
|                                                                        |
| Package:  WebTool                                                      |
| Summary:  The WebTool does not clean its environment before restarting |
|           services.                                                    |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, complete e-commerce using AllCommerce,
and integrated open source security tools.

OVERVIEW
--------
There is a bug in the Guardian Digital WebTool which shipped with
EnGarde Secure Linux version 1.0.1.

DETAIL
------
When the WebTool restarts a service, the restarted service inherits
certain environment variables which it should not, such as the token
used to authenticate the administrator to the WebTool daemon. Anybody
who can view the environment variables of a process can thus get this
token, and potentially root access.

This bug is fixed in release 1.0.72 of the 'WebTool' and
'WebTool-VHost' packages. Please note the extra upgrade instructions
in the SOLUTION section of this advisory.
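
The class of fix described above, as an added example (this is not
Guardian Digital's code and not the actual WebTool patch): a restart
wrapper that starts the child from an empty environment and adds back only
an allowlist. The names run_clean, child_value, SAFE_VARS, SAFE_PATH and
WEBTOOL_TOKEN_EXAMPLE are assumptions, and the token value is constructed.

```sh
#!/bin/sh
# Added example: restart wrapper that does not pass the caller's environment on.
# All names here (run_clean, child_value, SAFE_VARS, SAFE_PATH,
# WEBTOOL_TOKEN_EXAMPLE) are assumptions, not taken from the WebTool source.

SAFE_VARS="LANG TZ"                          # variables a service may inherit
SAFE_PATH="/sbin:/usr/sbin:/bin:/usr/bin"    # fixed PATH for the child

# run_clean CMD [ARG...]
# Run CMD under "env -i" so it starts from an empty environment, then add back
# PATH and whichever allowlisted variables are set in the caller.
run_clean() (
    argc=$#                      # subshell body: changes stay local
    for name in $SAFE_VARS; do
        # eval is safe here: $name comes only from the constant list above.
        eval "if [ \"\${$name+set}\" = set ]; then
                  set -- \"\$@\" \"$name=\${$name}\"
              fi"
    done
    # Rotate CMD and its arguments behind the NAME=value pairs just appended.
    i=0
    while [ "$i" -lt "$argc" ]; do
        set -- "$@" "$1"
        shift
        i=$((i + 1))
    done
    exec env -i PATH="$SAFE_PATH" "$@"
)

# child_value NAME [LAUNCHER...]
# Print NAME's value as seen inside a child shell, or "absent" if it is unset.
child_value() {
    var=$1
    shift
    "$@" sh -c "echo \"\${$var-absent}\""
}

# Demo: a constructed value stands in for the administrator's token.
WEBTOOL_TOKEN_EXAMPLE="constructed-not-a-real-token"
export WEBTOOL_TOKEN_EXAMPLE
echo "plain child sees:     $(child_value WEBTOOL_TOKEN_EXAMPLE)"
echo "run_clean child sees: $(child_value WEBTOOL_TOKEN_EXAMPLE run_clean)"
# Intended use: run_clean /etc/init.d/<service> restart
```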

SOLUTION
--------
All users should upgrade, as outlined in this advisory. All updates
can be found at:

  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must be booted into a
standard kernel or have LIDS disabled. To disable LIDS execute the
command:

  # /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated packages, execute the command:

  # rpm -Uvh ...

When the packages are installed, the WebTool will need to be restarted
by issuing the command:

  # /etc/init.d/webtool restart

If LIDS was disabled, it should be re-enabled:

  # /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signature of the updated packages, execute the command:

  # rpm -Kv

UPDATED PACKAGES
----------------
NOTE: The only packages which need to be updated are 'WebTool' and
      'WebTool-VHost'. No other subpackages were modified while
      fixing these bugs. If you would like 1.0.72 versions of the
      other packages, you should rebuild the source RPM. They are
      not listed here nor on the FTP server to avoid any confusion.

Source Packages:

  SRPMS/WebTool-1.2-1.0.72.src.rpm
    MD5 Sum: 99a2772abbdc7bba1fdcaf51cacc804a

Binary Packages:

  noarch/WebTool-1.2-1.0.72.noarch.rpm
    MD5 Sum: 60e9c54e02675618cf5faf43a1b01a65

  noarch/WebTool-VHost-1.2-1.0.72.noarch.rpm
    MD5 Sum: 924bdab801f6fbeab64f81629d54a6f9

REFERENCES
----------
Guardian Digital's public key:
  http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

Credit for the discovery of this bug goes to:
  J. Nick Koston

WebTool's Official Web Site:
  http://www.engardelinux.org/

BUGTRAQ message disclosing the vulnerability:
  http://www.securityfocus.com/templates/archive.pike?list=1&mid=186988

----------------------------------------------------------------------------
$Id: 2001.05.29-WebTool,v 1.1 2001/05/29 21:10:18 rwm Exp $
----------------------------------------------------------------------------
Author: Ryan W. Maple,
Copyright 2001, Guardian Digital, Inc.

