+------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory May 29, 2001 | | http://www.engardelinux.org/ ESA-20010529-01 | | | | Package: WebTool | | Summary: The WebTool does not clean its environment before restarting | | services. | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW - -------- There is a bug in the Guardian Digital WebTool which shipped with EnGarde Secure Linux version 1.0.1. DETAIL - ------ When the WebTool restarts a service, certain environmental variables are inherited which should not be, such as the token used to authenticate the administrator to the WebTool daemon. Anybody who can view the environment variables of a process can thus get this token, and potentially root access. This bug is fixed in release 1.0.72 of the 'WebTool' and 'WebTool-VHost' packages. Please note the extra upgrade instructions in the SOLUTION section of this advisory. SOLUTION - -------- All users should upgrade, as outlined in this advisory. All updates can be found at: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Before upgrading the package, the machine must be booted into a standard kernel or have LIDS disabled. To disable LIDS execute the command: # /sbin/lidsadm -S -- -LIDS_GLOBAL To install the updated packages, execute the command: # rpm -Uvh ... When the packages are installed, the WebTool will need to be restarted by issuing the command: # /etc/init.d/webtool restart If LIDS was disabled, it should be re-enabled: # /sbin/lidsadm -S -- +LIDS_GLOBAL To verify the signature of the updated packages, execute the command: # rpm -Kv UPDATED PACKAGES - ---------------- NOTE: The only packages which need to be updated are 'WebTool' and 'WebTool-VHost'. No other subpackages were modified while fixing these bugs. If you would like 1.0.72 versions of the other packages, you should rebuild the source RPM. They are not listed here nor on the FTP server to avoid any confusion. Source Packages: SRPMS/WebTool-1.2-1.0.72.src.rpm MD5 Sum: 99a2772abbdc7bba1fdcaf51cacc804a Binary Packages: noarch/WebTool-1.2-1.0.72.noarch.rpm MD5 Sum: 60e9c54e02675618cf5faf43a1b01a65 noarch/WebTool-VHost-1.2-1.0.72.noarch.rpm MD5 Sum: 924bdab801f6fbeab64f81629d54a6f9 REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Credit for the discovery of this bug goes to: J. Nick Koston WebTool's Official Web Site: http://www.engardelinux.org/ BUGTRAQ message disclosing the vulnerability: http://www.securityfocus.com/templates/archive.pike?list=1&mid=186988 - ---------------------------------------------------------------------------- $Id: 2001.05.29-WebTool,v 1.1 2001/05/29 21:10:18 rwm Exp $ - ---------------------------------------------------------------------------- Author: Ryan W. Maple, Copyright 2001, Guardian Digital, Inc.