A security bug was found in userhelper; the bug can be exploited to provide local users with root access.
fc3a85f9ccd212e3b0bcadc3eaae214af2b8f7c2b9310450a380508e3ed8aca2
<!DOCTYPE HTML PUBLIC "html.dtd">
<HTML>
<HEAD>
<TITLE>redhat.com | support</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" VLINK="#999966" LINK="#CC0000">
<TABLE WIDTH="600" CELLSPACING="0" BORDER="0" CELLPADDING="0">
<TR>
<TD WIDTH="50"><IMG SRC="http://www.redhat.com/img/pixel.gif" WIDTH="50" HEIGHT="1" ALT="" BORDER="0"></TD>
<TD WIDTH="525" VALIGN="TOP"><BR>
<FONT SIZE="3" FACE="HELVETICA">
<!-- begin content -->
<TABLE WIDTH="525" CELLSPACING="0" BORDER="0" CELLPADDING="0">
<TR>
<TD COLSPAN="3"> </TD>
</TR>
<TR>
<TD COLSPAN="2"><FONT SIZE="3" FACE="HELVETICA"><B>Red Hat, Inc. Security Advisory</B></FONT><HR NOSHADE SIZE="2"></TD>
<TD WIDTH="45"></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Package</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">usermode, PAM</FONT></TD>
<TD WIDTH="45"></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Synopsis</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">New version of usermode fixes security bug</FONT></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Advisory ID</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">RHSA-2000:001-03</FONT></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Issue Date</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">2000-01-04</FONT></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Updated on</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">2000-01-07</FONT></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA" COLOR="#666666"><B>Keywords</B></FONT></TD>
<TD WIDTH="45%"><FONT SIZE="3" FACE="HELVETICA">root userhelper pam</FONT></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><HR NOSHADE SIZE="1"></TD>
<TD></TD>
</TR>
<TR>
<TD COLSPAN="2"><FONT SIZE="3" FACE="HELVETICA">
<BR><BR>
<P>
<FONT COLOR="#666666">1. Topic:</FONT><BR>
<!-- begin TOPIC -->
A security bug has been discovered and fixed in the userhelper program.
<P>
2000-01-07: usermode-1.17 introduced a bug that caused a segmentation
fault in userhelper in some configurations, fixed in
usermode-1.18.
<P>
2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix
a dependency problem.
<!-- end TOPIC -->
<P>
<FONT COLOR="#666666">2. Problem description:</FONT><BR>
<!-- begin PROBLEM DESCRIPTION -->
A security bug was found in userhelper; the bug can be exploited to
provide local users with root access.
<P>
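The bug has been fixed in userhelper-1.17 (that is, the userhelper program
as shipped in the usermode-1.17 package), and pam-0.68-10 has been
modified to help prevent similar attacks on other software in the future.
Because usermode-1.17 causes a segmentation fault in userhelper in some
configurations (see Topic), install usermode-1.18, the version listed in
section 7 (RPMs required).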
<P>
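2000-01-04: Red Hat Linux 6.0 users will need to upgrade to
SysVinit-2.77-2 to fix a minor dependency issue. Section 7 of this page
lists only the Red Hat Linux 6.1 packages; the SysVinit package is not
among them.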
<P>
<!-- end PROBLEM DESCRIPTION -->
<P>
<FONT COLOR="#666666">3. Bug IDs fixed: (see <A HREF="http://bugzilla.redhat.com/bugzilla">bugzilla</A> for more information)</FONT><BR>
<!-- begin BUG IDS FIXED -->
<!-- end BUG IDS FIXED -->
<P>
<FONT COLOR="#666666">4. Relevant releases/architectures:</FONT><BR>
<!-- begin RELEVANT RELEASES/ARCHITECTURES -->
Red Hat Linux 6.1, all architectures
<!-- end RELEVANT RELEASES/ARCHITECTURES -->
<P>
<FONT COLOR="#666666">5. Obsoleted by:</FONT><BR>
<!-- begin OBSOLETED BY -->
None
<!-- end OBSOLETED BY-->
<P>
<FONT COLOR="#666666">6. Conflicts with:</FONT><BR>
<!-- begin CONFLICTS WITH -->
None
<!-- end CONFLICTS WITH -->
<P>
<FONT COLOR="#666666">7. RPMs required:</FONT><BR>
<!-- begin RPMS REQUIRED -->
<P><B>Intel:</B><P>
<A HREF="ftp://updates.redhat.com/6.1/i386/">ftp://updates.redhat.com/6.1/i386/</A><P>
<A HREF="ftp://updates.redhat.com/6.1/i386/pam-0.68-10.i386.rpm">pam-0.68-10.i386.rpm</A><BR>
<A HREF="ftp://updates.redhat.com/6.1/i386/usermode-1.18-1.i386.rpm">usermode-1.18-1.i386.rpm</A><BR>
<P><B>Alpha:</B><P>
<A HREF="ftp://updates.redhat.com/6.1/alpha">ftp://updates.redhat.com/6.1/alpha</A><P>
<A HREF="ftp://updates.redhat.com/6.1/alpha/pam-0.68-10.alpha.rpm">pam-0.68-10.alpha.rpm</A><BR>
<A HREF="ftp://updates.redhat.com/6.1/alpha/usermode-1.18-1.alpha.rpm">usermode-1.18-1.alpha.rpm</A><BR>
<P><B>SPARC:</B><P>
<A HREF="ftp://updates.redhat.com/6.1/sparc/">ftp://updates.redhat.com/6.1/sparc</A><P>
<A HREF="ftp://updates.redhat.com/6.1/sparc/pam-0.68-10.sparc.rpm">pam-0.68-10.sparc.rpm</A><BR>
<A HREF="ftp://updates.redhat.com/6.1/sparc/usermode-1.18-1.sparc.rpm">usermode-1.18-1.sparc.rpm</A><BR>
<P><B>Source:</B><P>
<A HREF="ftp://updates.redhat.com/6.1/SRPMS/">ftp://updates.redhat.com/6.1/SRPMS</A><P>
<A HREF="ftp://updates.redhat.com/6.1/SRPMS/pam-0.68-10.src.rpm">pam-0.68-10.src.rpm</A><BR>
<A HREF="ftp://updates.redhat.com/6.1/SRPMS/usermode-1.18-1.src.rpm">usermode-1.18-1.src.rpm</A><P>
<!-- end RPMS REQUIRED -->
<P>
<FONT COLOR="#666666">8. Solution:</FONT><BR>
<!-- begin foo SOLUTION -->
After verifying each downloaded RPM as described in section 9
(Verification), run the following for each RPM for your particular
architecture:
<P>
rpm -Uvh filename
<P>
where filename is the name of the RPM.
<P>
<!-- end SOLUTION -->
<P>
<FONT COLOR="#666666">9. Verification:</FONT><BR>
<!-- begin foo VERIFICATION -->
<PRE>
MD5 sum Package Name
-------------------------------------------------------------------------
bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm
93d5f7c1316d8b926d3a47d87b28b881 i386/usermode-1.18-1.i386.rpm
fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm
1a79bb403ad6d9de6bd205a901a7daee alpha/usermode-1.18-1.alpha.rpm
350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm
068a2d4e465e6c4a33dd1dbdd1a4fa02 sparc/usermode-1.18-1.sparc.rpm
f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm
dfeca4a416f2d9417dcf739599f580fa SRPMS/usermode-1.18-1.src.rpm
</PRE>
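These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:<BR>
<A HREF="http://www.redhat.com/about/contact.html">http://www.redhat.com/about/contact.html</A>
<P>
The signature check is only as trustworthy as the key it is checked
against, so import the key and confirm its fingerprint before relying on
the result.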
<P>
You can verify the GPG signature and MD5 digest of each package with the
following command:<BR>
<TT>rpm --checksig filename</TT>
<P>
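If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:<BR>
<TT>rpm --checksig --nogpg filename</TT>
<P>
This form checks the file against the MD5 digest stored inside the package
itself. It therefore detects corruption in transit, but not a package that
was deliberately rebuilt with a matching digest. To detect tampering, rely
on the GPG signature check above, or at minimum compare the digest with the
table above obtained from a source you trust.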
<P>
Note that you need RPM &gt;= 3.0 to check GnuPG signatures.
<!-- end VERIFICATION -->
<P>
<FONT COLOR="#666666">10. References:</FONT><BR>
<!-- begin REFERENCES -->
Thanks to dildog@l0pht.com for finding this bug.
<!-- end REFERENCES -->
</FONT></TD>
<TD></TD>
</TR>
</TABLE>
<!-- end content -->
<BR> <BR></FONT>
<!-- end content -->
<!-- footer -->
<P>
<FONT SIZE="1" FACE="HELVETICA">Copyright © 1999 Red Hat, Inc. All rights reserved.<BR></FONT>
<!-- end footer -->
</TD>
<TD WIDTH="25"><IMG SRC="http://www.redhat.com/img/pixel.gif" WIDTH="25" HEIGHT="1" ALT="" BORDER="0"></TD>
</TR>
</TABLE>
</BODY>
</HTML>