what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SA-1997.06.txt

SA-1997.06.txt
Posted Sep 23, 1999

SA-1997.06.txt

SHA-256 | 6e18cd23df0bc47daa3a5e25a119c18dee383364ed19210afa819b5c4784f2cc
Download | Favorite | View

SA-1997.06.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.06: Vulnerability in elm package

Caldera Security Advisory SA-1997.06
Original issue date:    6-July-1997
Last revised:           6-July-1997

Topic: Vulnerability in elm

I. Problem Description

  A vulnerability exists within the elm mail reader that will allow
  allow un-privileged users on systems to read, delete, and modify other
  users' email.

  This is also known as the "termname-overflow" bug.

II. Impact

  On systems such as Caldera OpenLinux 1.0 and 1.1, an unprivileged
  user can modify other's email.

III. Solution

  Obtain the new elm-2.4.25-5.i386.rpm, and elm-doc-2.4.25-5.i386.rpm
  files and install according to the instructions found in the README
  file which is one directory up from the actual rpm files.

  These packages are located on Caldera's FTP server (ftp.caldera.com):

  /pub/openlinux/updates/1.0/current/RPMS
  /pub/openlinux/updates/1.1/current/RPMS (Both are the same)

  The MD5 checksum (from the "md5sum" command) for these packages are:
  44f6f7aa0426e205447c860b4fa0ff46  elm-2.4.25-5.i386.rpm
  f35d83b4340faccdcee47da751417e86  elm-doc-2.4.25-5.i386.rpm
        
  Please follow the instructions from the README file precisely to
  update any older version of elm that may be on your system:


IV. References / Credits

  This and other Caldera security resources are located at:

    http://www.caldera.com/tech-ref/security/

  This advisory is based on a message to linux-security:
Subject: [linux-security] Security hole in Elm...
Message-ID: <Pine.LNX.3.95L01at.970514162056.12656A-100000@venus.wis.pk.edu.pl>

  Credits to:
    Marcin Bohosiewicz <marcus@venus.wis.pk.edu.pl>
    ftp://venus.wis.pk.edu.pl/pub/RPMS/elm-2.4.25-8.i386.rpm
    ftp://venus.wis.pk.edu.pl/pub/SRPMS/elm-2.4.25-8.src.rpm
    LST / Raymund Will <ray@lst.de>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBM8A1DOn+9R4958LpAQEUrgP/cinP6XjKlCnajAEs/D60GUpwV+0ZMbut
SluunhivDw4v7ir3mXlgaHwxYY3avs4bcAvjWscZGk/1/TcN99xdeIOfOnxNvdqf
nmPCv+RE5Q02Fiy4HTTv/AM39iGL/p3OcGwd92YD9RsaWYGH+cb5USBRaR/rLVnF
J7eb4UnccJ0=
=SbiR
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close