LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: gpm vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux Multiple security problems and a gpmctl vulnerability exists.
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          gpm security flaws have been addressed
Advisory ID:       RHSA-2000:045-01
Issue date:        2000-07-26
Updated on:        2000-07-26
Product:           Red Hat Linux
Keywords:          gpm, denial of service, /dev/gpmctl, gpm-root, setgid
Cross references:  RHSA-2000:044
---------------------------------------------------------------------

1. Topic:

gpm as shipped in Red Hat Linux 5.2 and 6.x contains a number of
security problems.  Additionally, a denial of service attack via
/dev/gpmctl is possible.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

Two problems exist in gpm, the program used to enable mouse
control on the console when not using X Windows:

1. gpm did not perform adequate checking of setgid return values
in the gpm-root helper program.  This resulted in an avenue of
attack where local users could execute arbitrary commands with
elevated group priviledges.

2. /dev/gpmctl was writable by users who were not on the console.
A user could perform a local denial of service attack by flooding
the socket.

The security issue has been addressed on 5.2 and 6.x.

For 6.x, the /dev/gpmctl ownership issue was addressed via the
pam_console helper mechanism.  This pam module makes devices
which need to be accessible via console users owned by them and
no one else.  See RHSA-2000:044 for more information on this
update.

On 5.2, there is no control of console devices available via pam,
so we have disabled access to /dev/gpmctl by default.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

For 6.x systems, you must upgrade your pam to the version
discussed in RHSA-2000:044 to achieve protection from the denial
of service attack.  

For Red Hat Linux 5.2, if you use gpm's "repeater" functionality
for X Windows, you will need to reenable access to group/other
users of /dev/gpmctl with the chown command.  Red Hat Linux does
not make use of this functionality by default, and we do not
recommend taking this action for the reasons explained above.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

11607 - Newest gpm RPM package will not install


6. RPMs required:

Red Hat Linux 5.2:

sparc: 
ftp://updates.Red Hat.com/5.2/sparc/gpm-1.19.3-0.5.x.sparc.rpm

alpha: 
ftp://updates.Red Hat.com/5.2/alpha/gpm-1.19.3-0.5.x.alpha.rpm

i386: 
ftp://updates.Red Hat.com/5.2/i386/gpm-1.19.3-0.5.x.i386.rpm

sources: 
ftp://updates.Red Hat.com/5.2/SRPMS/gpm-1.19.3-0.5.x.src.rpm

Red Hat Linux 6.2:

sparc: 
ftp://updates.Red Hat.com/6.2/sparc/gpm-1.19.3-0.6.x.sparc.rpm

i386: 
ftp://updates.Red Hat.com/6.2/i386/gpm-1.19.3-0.6.x.i386.rpm

alpha: 
ftp://updates.Red Hat.com/6.2/alpha/gpm-1.19.3-0.6.x.alpha.rpm

sources: 
ftp://updates.Red Hat.com/6.2/SRPMS/gpm-1.19.3-0.6.x.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
7e14aa2b98ababfe815b292ff8439b50  5.2/SRPMS/gpm-1.19.3-0.5.x.src.rpm
668c1dd35c9e28cd54c34aed0126afe9  5.2/alpha/gpm-1.19.3-0.5.x.alpha.rpm
6e5ae7e9d4f552978d4821fe5e06e27b  5.2/i386/gpm-1.19.3-0.5.x.i386.rpm
13be2dda7373cbb90567b11dca1e8a76  5.2/sparc/gpm-1.19.3-0.5.x.sparc.rpm
8205248615a5e249e3612753ec7d7c08  6.2/SRPMS/gpm-1.19.3-0.6.x.src.rpm
1750a3ba1ff2094e9e77bcaac8ece826  6.2/alpha/gpm-1.19.3-0.6.x.alpha.rpm
0dd38c9d324a9e82ab8aceb75394a94e  6.2/i386/gpm-1.19.3-0.6.x.i386.rpm
274dfea2fffb8dc6785686409ba3f37a  6.2/sparc/gpm-1.19.3-0.6.x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 
100000@csibe.fazekas.hu'>http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=Pine.LNX.4.21.0003231428110.13143-100000@csibe.fazekas.hu
 
200000@apollo.aci.com.pl'>http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl


Copyright(c) 2000 Red Hat, Inc.

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at  http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Linux Foundation enlists Microsoft, Google to prevent the next Heartbleed
Heartbleed prompts joint vendor effort to boost OpenSSL, security
F.B.I. Informant Is Tied to Cyberattacks Abroad
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.