From: Progeny Security Team <security@progeny.com>
Subject: PROGENY-SA-2001-08: Local root vulnerability in sendfiled
Date: Fri, 20 Apr 2001 13:11:35 -0500 (EST)
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-08
Topic: Local root vulnerability in sendfiled
Software: sendfile
Announced: 2001-04-19
Credits: Colin Phipps <cphipps@doomworld.com>
Daniel Kobras
Ulli Horlacher <framstag@rus.uni-stuttgart.de>
Martin Schulze <joey@infodrom.north.de>
Affects: Progeny Debian (sendfile prior to 2.1-24)
Debian GNU/Linux potato (sendfile prior to 2.1-20.2)
Debian GNU/Linux woody/sid (sendfile prior to 2.1-24)
Vendor-Status: New Version Released (sendfile 2.1-24)
Corrected: 2001-04-20
Progeny Only: NO
$Id: PROGENY-SA-2001-08,v 1.2 2001/04/20 18:05:01 jgoerzen Exp $
DESCRIPTION
Local users on a system may be able to exploit security flaws in
sendfiled to obtain root privileges.
SOLUTION (See also: UPDATING VIA APT-GET)
Upgrade to a fixed version of sendfile. sendfile version 2.1-24
corrects the problem. For your convenience, you may upgrade to the
sendfile_2.1-24 package.
WORKAROUND
sendfile may not be a vital system utility in every
installation. If you prefer, you can remove rather than upgrade
sendfile. To remove it, use this command:
dpkg --remove sendfile
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for
Progeny’s update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. Using apt(8), install the new package. apt(8) will download
the update, verify its integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install sendfile
UPDATING VIA DPKG
1. Use your preferred FTP/HTTP client to retrieve the following
updated files from Progeny’s update archive at:
http://archive.progeny.com/progeny/updates/newton/
MD5 Checksum Filename
903eef59cc9253d6d732326eafe9c307 sendfile_2.1-24_i386.deb
Example:
http://archive.progeny.com/progeny/updates/newton/sendfile_2.1-24_i386.deb
2. Use the md5sum command on the retrieved files to verify that
they match the md5sum provided in this advisory:
Example:
# md5sum sendfile_2.1-24_i386.deb
3. Then install the replacement package(s) using the dpkg
command.
Example:
# dpkg --install sendfile_2.1-24_i386.deb
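The verify-then-install steps above as one script, added here as an example and not part of Progeny's advisory: dpkg is only called when the file's MD5 equals the published value. The function names and the `install` argument are assumptions; the filename and checksum are copied from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Values copied from the advisory text.
PKG="sendfile_2.1-24_i386.deb"
EXPECTED_MD5="903eef59cc9253d6d732326eafe9c307"

# Print the MD5 hex digest of a file; return 2 if it is missing or unreadable.
# Reading from stdin keeps odd filenames out of md5sum's output.
file_md5() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    md5sum < "$1" | cut -d' ' -f1
}

# Return 0 only when the file's digest equals the expected digest.
verify_md5() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 32 hex digits (e.g. a truncated paste),
    # so a short or empty expected value can never count as a match.
    case "$expected" in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 3
    actual=$(file_md5 "$1") || return 2
    [ "$actual" = "$expected" ]
}

# Install only after verification succeeds; dpkg is never run on a mismatch.
install_verified() {
    if verify_md5 "$1" "$2"; then
        dpkg --install "$1"
    else
        echo "MD5 mismatch or unreadable file: $1 (not installing)" >&2
        return 1
    fi
}

# Acts only when asked explicitly:  sh verify.sh install
if [ "${1:-}" = "install" ]; then
    install_verified "$PKG" "$EXPECTED_MD5"
fi
```

MD5 is the only digest this advisory publishes, so the comparison is only as trustworthy as the copy of the advisory the value was read from.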
MORE INFORMATION
This issue was first documented at bug #74068 in the Debian
GNU/Linux bug tracking system. Information on this bug report is
available at http://bugs.debian.org/76048.
Progeny advisories can be found at http://www.progeny.com/security/.
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>