---

Home Security

Red Hat Security Advisory: imwheel buffer overflow

By

Date: Fri, 21 Apr 2000 15:45 -0400
From: bugzilla@redhat.com
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2000:016-02] imwheel buffer overflow

Red Hat, Inc. Security Advisory

Synopsis: imwheel buffer overflow
Advisory ID: RHSA-2000:016-02
Issue date: 2000-04-20
Updated on: 2000-04-21
Product: Red Hat Powertools
Keywords: imwheel buffer imwheel-solo
Cross references: N/A

1. Topic:

A buffer overflow exists in imwheel

2. Relevant releases/architectures:

Red Hat Powertools 6.1 – i386 alpha sparc
Red Hat Powertools 6.2 – i386 alpha sparc

3. Problem description:

A vulnerability exists in the imwheel package where local users
can execute arbitrary commands as root.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

N/A

6. Obsoleted by:

N/A

7. Conflicts with:

N/A

8. RPMs required:

Red Hat Powertools 6.1:

intel:

ftp://updates.redhat.com/powertools/6.1/i386/imwheel-0.9.8-1.i386.rpm

alpha:

ftp://updates.redhat.com/powertools/6.1/alpha/imwheel-0.9.8-1.alpha.rpm

sparc:

ftp://updates.redhat.com/powertools/6.1/sparc/imwheel-0.9.8-1.sparc.rpm

sources:

ftp://updates.redhat.com/powertools/6.1/SRPMS/imwheel-0.9.8-1.src.rpm

Red Hat Powertools 6.2:

intel:

ftp://updates.redhat.com/powertools/6.2/i386/imwheel-0.9.8-1.i386.rpm

alpha:

ftp://updates.redhat.com/powertools/6.2/alpha/imwheel-0.9.8-1.alpha.rpm

sparc:

ftp://updates.redhat.com/powertools/6.2/sparc/imwheel-0.9.8-1.sparc.rpm

sources:

ftp://updates.redhat.com/powertools/6.2/SRPMS/imwheel-0.9.8-1.src.rpm

9. Verification:

MD5 sum                           Package Name

fa97ae01087560b01ef0c08266e097b5 6.1/sparc/imwheel-0.9.8-1.sparc.rpm
921c50608059cd74840d070e5f538202 6.1/SRPMS/imwheel-0.9.8-1.src.rpm
0350d5be826d54f80948f4a4e9de6101 6.1/i386/imwheel-0.9.8-1.i386.rpm
f1cc900d060fec5546a229f0a7a4d48d 6.1/alpha/imwheel-0.9.8-1.alpha.rpm
fa97ae01087560b01ef0c08266e097b5 6.2/sparc/imwheel-0.9.8-1.sparc.rpm
0350d5be826d54f80948f4a4e9de6101 6.2/i386/imwheel-0.9.8-1.i386.rpm
f1cc900d060fec5546a229f0a7a4d48d 6.2/alpha/imwheel-0.9.8-1.alpha.rpm
921c50608059cd74840d070e5f538202 6.2/SRPMS/imwheel-0.9.8-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

10. References:

http://www.securityfocus.com/vdb/bottom.html?vid=1060

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.