Red Hat Security Advisory: New version of usermode, pam

Date: Fri, 07 Jan 2000 16:55:44 -0500
From: “Michael K. Johnson” johnsonm@redhat.com
To: redhat-watch-list@redhat.com

---

Red Hat, Inc. Security Advisory

Synopsis: New version of usermode fixes security bug
Advisory ID: RHSA-2000:001-03
Issue date: 2000-01-04
Updated on: 2000-01-07
Keywords: root userhelper pam
Cross references:

---

1. Topic:

A security bug has been discovered and fixed in the userhelper
program.

2000-01-07: usermode-1.17 introduced a bug that caused a
segmentation fault in userhelper in some configurations, fixed
in
usermode-1.18.

2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix
a dependency problem.

2. Relevant releases/architectures:

Red Hat Linux 6.0 and 6.1, all architectures.

3. Problem description:

A security bug was found in userhelper; the bug can be exploited
to provide local users with root access.

The bug has been fixed in userhelper-1.18, and pam-0.68-10 has
been modified to help prevent similar attacks on other software in
the future.

2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
SysVinit-2.77-2 to fix a minor dependency issue.

4. Solution:

For each RPM for your particular architecture, run:
rpm -Uvh
where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/
for more info):

6. Obsoleted by:

7. Conflicts with:

8. RPMs required:

Red Hat Linux 6.1:

Intel:
ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm

ftp://updates.redhat.com/6.1/i386/usermode-1.18-1.i386.rpm

Alpha:
ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm

ftp://updates.redhat.com/6.1/alpha/usermode-1.18-1.alpha.rpm

Sparc:
ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/usermode-1.18-1.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm

ftp://updates.redhat.com/6.1/SRPMS/usermode-1.18-1.src.rpm

Red Hat Linux 6.0:

Intel:
ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm

ftp://updates.redhat.com/6.1/i386/usermode-1.18-1.i386.rpm

ftp://updates.redhat.com/6.0/i386/SysVinit-2.77-2.i386.rpm

Alpha:
ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm

ftp://updates.redhat.com/6.1/alpha/usermode-1.18-1.alpha.rpm

ftp://updates.redhat.com/6.0/alpha/SysVinit-2.77-2.alpha.rpm

Sparc:
ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/usermode-1.18-1.sparc.rpm

ftp://updates.redhat.com/6.0/sparc/SysVinit-2.77-2.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm

ftp://updates.redhat.com/6.1/SRPMS/usermode-1.18-1.src.rpm

ftp://updates.redhat.com/6.0/SRPMS/SysVinit-2.77-2.src.rpm

9. Verification:

MD5 sum                           Package Name 

---

bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881 i386/usermode-1.18-1.i386.rpm
f6d639bcbbcb5155364a9cb521f61463 i386/SysVinit-2.77-2.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee alpha/usermode-1.18-1.alpha.rpm
e411972f5430e3182dd0da946641f37d alpha/SysVinit-2.77-2.alpha.rpm
350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02 sparc/usermode-1.18-1.sparc.rpm
91747cdbe9d7f66d608a1f35177ff200 sparc/SysVinit-2.77-2.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa SRPMS/usermode-1.18-1.src.rpm
c40b184c60f212f3fdd484eeb2de6f71 SRPMS/SysVinit-2.77-2.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

10. References:

Thanks to dildog@l0pht.com
for finding this bug.