rhsa.2000-059-02.mgetty

rhsa.2000-059-02.mgetty: Posted Sep 13, 2000; Site redhat.com; Red Hat Security Advisory - The mgetty-sendfax package contains a vulnerability which allows any user with access to the /var/tmp directory to destroy any file on any mounted filesystem. A malicious user can create a symbolic link named /var/spool/fax/outgoing/.lastrun which points to any file on a mounted filesystem, and that file's contents will be destroyed the next time faxrunq is run.; systems | linux, redhat; SHA-256 | 6729a1a0b2737e85ae4f5ba7398a377fec561d503a17dd3698e11dd59d09872e; Download | Favorite | View

rhsa.2000-059-02.mgetty

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated mgetty packages are now available.
Advisory ID:       RHSA-2000:059-02
Issue date:        2000-09-07
Updated on:        2000-09-11
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

The mgetty-sendfax package contains a vulnerability which allows any
user with access to the /var/tmp directory to destroy any file on any
mounted filesystem.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2E - i386, alpha, sparc

3. Problem description:

The faxrunq and faxrunqd commands supplied with the mgetty-sendfax package
use a file named /var/spool/fax/outgoing/.lastrun to keep track of the date
and time when the faxrunq command was last run.  /var/tmp is a
world-writable directory, and no check is made to ensure that .lastrun is
not a symbolic link to another file.  A malicious user can create a
symbolic link named /var/spool/fax/outgoing/.lastrun which points to any
file on a mounted filesystem, and that file's contents will be destroyed
the next time faxrunq is run.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

11874 - Mgetty packages default config is a security threat
17178 - one more security problem with mgetty
17179 - security problem with mgetty


6. RPMs required:

Red Hat Linux 5.2:

sparc:
ftp://updates.redhat.com/5.2/sparc/mgetty-voice-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-viewfax-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-sendfax-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-1.1.22-1.5.x.sparc.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/mgetty-voice-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-viewfax-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-sendfax-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-1.1.22-1.5.x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/i386/mgetty-voice-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-viewfax-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-sendfax-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-1.1.22-1.5.x.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/mgetty-1.1.22-1.5.x.src.rpm

Red Hat Linux 6.0, 6.1, and 6.2:

sparc:
ftp://updates.redhat.com/6.2/sparc/mgetty-voice-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-viewfax-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-sendfax-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-1.1.22-1.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/mgetty-voice-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-viewfax-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-sendfax-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-1.1.22-1.6.x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/mgetty-voice-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-viewfax-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-sendfax-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-1.1.22-1.6.x.alpha.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/mgetty-1.1.22-1.6.x.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
b27b3fda4c0d0e7ac7b74353c4f1f145  5.2/SRPMS/mgetty-1.1.22-1.5.x.src.rpm
b652205f79715212bef4c98f0d624f6d  5.2/alpha/mgetty-1.1.22-1.5.x.alpha.rpm
dcc1ae6fa8cf601c3418d0affbf91039  5.2/alpha/mgetty-sendfax-1.1.22-1.5.x.alpha.rpm
fe85f4fe5367d619b160987e912b7e24  5.2/alpha/mgetty-viewfax-1.1.22-1.5.x.alpha.rpm
c2d5a314915ade00c98ba3fe4ce5712b  5.2/alpha/mgetty-voice-1.1.22-1.5.x.alpha.rpm
f2fb0d8bf7f3b2140a3e21170399bc7c  5.2/i386/mgetty-1.1.22-1.5.x.i386.rpm
e3773830446a4fba7555d70732a2938d  5.2/i386/mgetty-sendfax-1.1.22-1.5.x.i386.rpm
245f0b0f00e1687401edd65db86cd7a9  5.2/i386/mgetty-viewfax-1.1.22-1.5.x.i386.rpm
f49678f5fc10297473b9415f7148fe94  5.2/i386/mgetty-voice-1.1.22-1.5.x.i386.rpm
45ff2fa65ed3411734a58162880ca19f  5.2/sparc/mgetty-1.1.22-1.5.x.sparc.rpm
6b69116697c9636a9d3fc59f209d74ff  5.2/sparc/mgetty-sendfax-1.1.22-1.5.x.sparc.rpm
9db43716f48517d4bd6cf22253e975f1  5.2/sparc/mgetty-viewfax-1.1.22-1.5.x.sparc.rpm
1fabca053ad9a520d3065c00d31bb9d9  5.2/sparc/mgetty-voice-1.1.22-1.5.x.sparc.rpm
7b50848c4ef1d27d2c40e9f5e2c74f75  6.2/SRPMS/mgetty-1.1.22-1.6.x.src.rpm
47d1b922a94ffe984a19285f2296907c  6.2/alpha/mgetty-1.1.22-1.6.x.alpha.rpm
52c43e4d8195ee483459c0b273f064f4  6.2/alpha/mgetty-sendfax-1.1.22-1.6.x.alpha.rpm
3927d2ead5ef89b93f3799190af12535  6.2/alpha/mgetty-viewfax-1.1.22-1.6.x.alpha.rpm
4eb7013dee45011c6c7958be40e000fe  6.2/alpha/mgetty-voice-1.1.22-1.6.x.alpha.rpm
bd6ee4b93aa742d6cbc92bbae031c345  6.2/i386/mgetty-1.1.22-1.6.x.i386.rpm
3539dc2f5c5bef8819a8bc781e0d3405  6.2/i386/mgetty-sendfax-1.1.22-1.6.x.i386.rpm
3a17e82b398d69c294952773a098c105  6.2/i386/mgetty-viewfax-1.1.22-1.6.x.i386.rpm
e61f3413ce93cd30c41eeb29caef2177  6.2/i386/mgetty-voice-1.1.22-1.6.x.i386.rpm
03d15f11dafe000ad55c3290974ae670  6.2/sparc/mgetty-1.1.22-1.6.x.sparc.rpm
7ae49a988c81a450cabc7f2ca6d24a76  6.2/sparc/mgetty-sendfax-1.1.22-1.6.x.sparc.rpm
b903bc9f9531ed015248e7e000f58884  6.2/sparc/mgetty-viewfax-1.1.22-1.6.x.sparc.rpm
985ee71161bb9bb1c73325115e0150f3  6.2/sparc/mgetty-voice-1.1.22-1.6.x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://www.securityfocus.com/bid/1612

Thanks also go to Stan Bubrouski, Gert Doering, and mal@mail1.nai.net.


Copyright(c) 2000 Red Hat, Inc.

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

rhsa.2000-059-02.mgetty

rhsa.2000-059-02.mgetty

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

rhsa.2000-059-02.mgetty

Share This

rhsa.2000-059-02.mgetty

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems