LinuxSecurity.com
RedHat: Updated 'mgetty' packages available
Posted by LinuxSecurity.com Team   
Red Hat Linux: The mgetty-sendfax package contains a vulnerability. Updated packages are available.
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated mgetty packages are now available.
Advisory ID:       RHSA-2000:059-02
Issue date:        2000-09-07
Updated on:        2000-09-11
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

The mgetty-sendfax package contains a vulnerability which allows any
user with access to the /var/tmp directory to destroy any file on any
mounted filesystem.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2E - i386, alpha, sparc

3. Problem description:

The faxrunq and faxrunqd commands supplied with the mgetty-sendfax package
use a file named /var/spool/fax/outgoing/.lastrun to keep track of the date
and time when the faxrunq command was last run.  /var/tmp is a
world-writable directory, and no check is made to ensure that .lastrun is
not a symbolic link to another file.  A malicious user can create a
symbolic link named /var/spool/fax/outgoing/.lastrun which points to any
file on a mounted filesystem, and that file's contents will be destroyed
the next time faxrunq is run.
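The missing check the advisory describes, as an added example that is not mgetty's code: the stamp file is opened with O_NOFOLLOW so a planted symlink is refused, and the already-open descriptor (not the name) is validated before anything is truncated. The path names, the "victim" file and the temp directory in the self-check are constructed for the demonstration.

```c
/* Added example (not mgetty's code): rewrite a ".lastrun"-style stamp file
 * without following a symlink planted in a world-writable directory. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Refuse symlinks (O_NOFOLLOW fails with ELOOP) and validate the already-open
 * descriptor with fstat(), so there is no check-then-use window on the name.
 * Only the last path component is protected: the directory itself must not be
 * world-writable. Returns 0 on success, -1 if refused or the write failed. */
int safe_write_lastrun(const char *path, const char *stamp)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;                  /* ELOOP: a symlink was planted */
    struct stat st;                         /* check the fd, not the name */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid()) { close(fd); return -1; } /* link/foreign file */
    ssize_t len = (ssize_t)strlen(stamp);
    int ok = ftruncate(fd, 0) == 0 && write(fd, stamp, len) == len;
    close(fd);
    return ok ? 0 : -1;
}

/* Self-check in a private temp dir: a symlink named .lastrun pointing at a
 * constructed "victim" file must be refused and the victim left intact, while
 * a real file must be written. Returns 0 when all three checks hold. */
int run_demo(void)
{
    char dir[] = "/tmp/lastrunXXXXXX", victim[64], lnk[64], real[64], buf[16];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/.lastrun", dir);
    snprintf(real, sizeof real, "%s/real.lastrun", dir);
    int fd = open(victim, O_WRONLY | O_CREAT, 0644);
    if (fd < 0 || write(fd, "important", 9) != 9 || symlink(victim, lnk) < 0)
        return -1;
    close(fd);
    int refused = safe_write_lastrun(lnk, "2000-09-07") == -1;
    fd = open(victim, O_RDONLY);
    int intact = fd >= 0 && read(fd, buf, sizeof buf) == 9 &&
                 memcmp(buf, "important", 9) == 0;
    if (fd >= 0) close(fd);
    int written = safe_write_lastrun(real, "2000-09-07") == 0;
    unlink(victim); unlink(lnk); unlink(real); rmdir(dir);
    return (refused && intact && written) ? 0 : -1;
}
```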

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  (http://bugzilla.redhat.com/bugzilla for more info):

11874 - Mgetty packages default config is a security threat
17178 - one more security problem with mgetty
17179 - security problem with mgetty

6. RPMs required:

Red Hat Linux 5.2:

sparc:
ftp://updates.redhat.com/5.2/sparc/mgetty-voice-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-viewfax-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-sendfax-1.1.22-1.5.x.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/mgetty-1.1.22-1.5.x.sparc.rpm

alpha:
ftp://updates.redhat.com/5.2/alpha/mgetty-voice-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-viewfax-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-sendfax-1.1.22-1.5.x.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/mgetty-1.1.22-1.5.x.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/i386/mgetty-voice-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-viewfax-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-sendfax-1.1.22-1.5.x.i386.rpm
ftp://updates.redhat.com/5.2/i386/mgetty-1.1.22-1.5.x.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/mgetty-1.1.22-1.5.x.src.rpm

Red Hat Linux 6.0, 6.1, and 6.2:

sparc:
ftp://updates.redhat.com/6.2/sparc/mgetty-voice-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-viewfax-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-sendfax-1.1.22-1.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/mgetty-1.1.22-1.6.x.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/mgetty-voice-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-viewfax-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-sendfax-1.1.22-1.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/mgetty-1.1.22-1.6.x.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/mgetty-voice-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-viewfax-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-sendfax-1.1.22-1.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/mgetty-1.1.22-1.6.x.alpha.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/mgetty-1.1.22-1.6.x.src.rpm

7. Verification:


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:
 
http://www.securityfocus.com/bid/1612

Thanks also go to Stan Bubrouski, Gert Doering, and mal@mail1.nai.net.


Copyright(c) 2000 Red Hat, Inc.