---

Home Security

Red Hat Security Advisory: New version of usermode, pam

By

Date: Tue, 04 Jan 2000 11:58:23 -0500
From: “Michael K. Johnson” johnsonm@redhat.com
To: redhat-watch-list@redhat.com

Red Hat, Inc. Security Advisory

Synopsis: New version of usermode fixes security bug
Advisory ID: RHSA-2000:001-01
Issue date: 2000-01-04
Updated on: 2000-01-04
Keywords: root userhelper pam
Cross references:

1. Topic:

A security bug has been discovered and fixed in the userhelper
program.

2. Relevant releases/architectures:

Red Hat Linux 6.0 and 6.1, all architectures.

3. Problem description:

A security bug was found in userhelper; the bug can be exploited
to provide local users with root access.

The bug has been fixed in userhelper-1.17, and pam-0.68-10 has
been modified to help prevent similar attacks on other software in
the future.

4. Solution:

For each RPM for your particular architecture, run:
rpm -Uvh
where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla/
for more info):

6. Obsoleted by:

7. Conflicts with:

8. RPMs required:

Intel:
ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm

ftp://updates.redhat.com/6.1/i386/usermode-1.17-1.i386.rpm

Alpha:
ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm

ftp://updates.redhat.com/6.1/alpha/usermode-1.17-1.alpha.rpm

Sparc:
ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm

ftp://updates.redhat.com/6.1/sparc/usermode-1.17-1.sparc.rpm

Source packages:
ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm

ftp://updates.redhat.com/6.1/SRPMS/usermode-1.17-1.src.rpm

9. Verification:

MD5 sum                           Package Name 

bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm
2d69859d2b1d2180d254fc263bdccf94 i386/usermode-1.17-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm
83c69cb92b16bb0eef295acb4c857657 alpha/usermode-1.17-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm
d89495957c9a438fda657b8a4a5f5578 sparc/usermode-1.17-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm
1d3b367d257a57de7d834043a4fcd87a SRPMS/usermode-1.17-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg

10. References:

Thanks to dildog@l0pht.com
for finding this bug.

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.