`

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated mgetty packages are now available.
Advisory ID:       RHSA-2000:059-02
Issue date:        2000-09-07
Updated on:        2000-09-11
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

The mgetty-sendfax package contains a vulnerability which allows any
user with access to the /var/tmp directory to destroy any file on any
mounted filesystem.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2E - i386, alpha, sparc

3. Problem description:

The faxrunq and faxrunqd commands supplied with the mgetty-sendfax package
use a file named /var/spool/fax/outgoing/.lastrun to keep track of the date
and time when the faxrunq command was last run.  /var/tmp is a
world-writable directory, and no check is made to ensure that .lastrun is
not a symbolic link to another file.  A malicious user can create a
symbolic link named /var/spool/fax/outgoing/.lastrun which points to any
file on a mounted filesystem, and that file's contents will be destroyed
the next time faxrunq is run.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  (  for more info):

11874 - Mgetty packages default config is a security threat
17178 - one more security problem with mgetty
17179 - security problem with mgetty

6. RPMs required:

Red Hat Linux 5.2:

sparc: 
  
  
  
 

alpha: 
  
  
  
 

i386: 
  
  
  
 

sources: 
 

Red Hat Linux 6.0, 6.1, and 6.2:

sparc: 
  
  
  
 

i386: 
  
  
  
 

alpha: 
  
  
  
 

sources: 
 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
b27b3fda4c0d0e7ac7b74353c4f1f145  5.2/SRPMS/mgetty-1.1.22-1.5.x.src.rpm
b652205f79715212bef4c98f0d624f6d  5.2/alpha/mgetty-1.1.22-1.5.x.alpha.rpm
dcc1ae6fa8cf601c3418d0affbf91039  5.2/alpha/mgetty-sendfax-1.1.22-1.5.x.alpha.rpm
fe85f4fe5367d619b160987e912b7e24  5.2/alpha/mgetty-viewfax-1.1.22-1.5.x.alpha.rpm
c2d5a314915ade00c98ba3fe4ce5712b  5.2/alpha/mgetty-voice-1.1.22-1.5.x.alpha.rpm
f2fb0d8bf7f3b2140a3e21170399bc7c  5.2/i386/mgetty-1.1.22-1.5.x.i386.rpm
e3773830446a4fba7555d70732a2938d  5.2/i386/mgetty-sendfax-1.1.22-1.5.x.i386.rpm
245f0b0f00e1687401edd65db86cd7a9  5.2/i386/mgetty-viewfax-1.1.22-1.5.x.i386.rpm
f49678f5fc10297473b9415f7148fe94  5.2/i386/mgetty-voice-1.1.22-1.5.x.i386.rpm
45ff2fa65ed3411734a58162880ca19f  5.2/sparc/mgetty-1.1.22-1.5.x.sparc.rpm
6b69116697c9636a9d3fc59f209d74ff  5.2/sparc/mgetty-sendfax-1.1.22-1.5.x.sparc.rpm
9db43716f48517d4bd6cf22253e975f1  5.2/sparc/mgetty-viewfax-1.1.22-1.5.x.sparc.rpm
1fabca053ad9a520d3065c00d31bb9d9  5.2/sparc/mgetty-voice-1.1.22-1.5.x.sparc.rpm
7b50848c4ef1d27d2c40e9f5e2c74f75  6.2/SRPMS/mgetty-1.1.22-1.6.x.src.rpm
47d1b922a94ffe984a19285f2296907c  6.2/alpha/mgetty-1.1.22-1.6.x.alpha.rpm
52c43e4d8195ee483459c0b273f064f4  6.2/alpha/mgetty-sendfax-1.1.22-1.6.x.alpha.rpm
3927d2ead5ef89b93f3799190af12535  6.2/alpha/mgetty-viewfax-1.1.22-1.6.x.alpha.rpm
4eb7013dee45011c6c7958be40e000fe  6.2/alpha/mgetty-voice-1.1.22-1.6.x.alpha.rpm
bd6ee4b93aa742d6cbc92bbae031c345  6.2/i386/mgetty-1.1.22-1.6.x.i386.rpm
3539dc2f5c5bef8819a8bc781e0d3405  6.2/i386/mgetty-sendfax-1.1.22-1.6.x.i386.rpm
3a17e82b398d69c294952773a098c105  6.2/i386/mgetty-viewfax-1.1.22-1.6.x.i386.rpm
e61f3413ce93cd30c41eeb29caef2177  6.2/i386/mgetty-voice-1.1.22-1.6.x.i386.rpm
03d15f11dafe000ad55c3290974ae670  6.2/sparc/mgetty-1.1.22-1.6.x.sparc.rpm
7ae49a988c81a450cabc7f2ca6d24a76  6.2/sparc/mgetty-sendfax-1.1.22-1.6.x.sparc.rpm
b903bc9f9531ed015248e7e000f58884  6.2/sparc/mgetty-viewfax-1.1.22-1.6.x.sparc.rpm
985ee71161bb9bb1c73325115e0150f3  6.2/sparc/mgetty-voice-1.1.22-1.6.x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
      

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 


Thanks also go to Stan Bubrouski, Gert Doering, and mal@mail1.nai.net.


Copyright(c) 2000 Red Hat, Inc.

`

RedHat: Updated 'mgetty' packages available

The mgetty-sendfax package contains a vulnerability

Summary

Summary

The faxrunq and faxrunqd commands supplied with the mgetty-sendfax packageuse a file named /var/spool/fax/outgoing/.lastrun to keep track of the dateand time when the faxrunq command was last run. /var/tmp is aworld-writable directory, and no check is made to ensure that .lastrun isnot a symbolic link to another file. A malicious user can create asymbolic link named /var/spool/fax/outgoing/.lastrun which points to anyfile on a mounted filesystem, and that file's contents will be destroyedthe next time faxrunq is run.

Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed ( for more info):
11874 - Mgetty packages default config is a security threat 17178 - one more security problem with mgetty 17179 - security problem with mgetty
6. RPMs required:
Red Hat Linux 5.2:
sparc:

alpha:

i386:

sources:

Red Hat Linux 6.0, 6.1, and 6.2:
sparc:

i386:

alpha:

sources:

7. Verification:
MD5 sum Package Name b27b3fda4c0d0e7ac7b74353c4f1f145 5.2/SRPMS/mgetty-1.1.22-1.5.x.src.rpm b652205f79715212bef4c98f0d624f6d 5.2/alpha/mgetty-1.1.22-1.5.x.alpha.rpm dcc1ae6fa8cf601c3418d0affbf91039 5.2/alpha/mgetty-sendfax-1.1.22-1.5.x.alpha.rpm fe85f4fe5367d619b160987e912b7e24 5.2/alpha/mgetty-viewfax-1.1.22-1.5.x.alpha.rpm c2d5a314915ade00c98ba3fe4ce5712b 5.2/alpha/mgetty-voice-1.1.22-1.5.x.alpha.rpm f2fb0d8bf7f3b2140a3e21170399bc7c 5.2/i386/mgetty-1.1.22-1.5.x.i386.rpm e3773830446a4fba7555d70732a2938d 5.2/i386/mgetty-sendfax-1.1.22-1.5.x.i386.rpm 245f0b0f00e1687401edd65db86cd7a9 5.2/i386/mgetty-viewfax-1.1.22-1.5.x.i386.rpm f49678f5fc10297473b9415f7148fe94 5.2/i386/mgetty-voice-1.1.22-1.5.x.i386.rpm 45ff2fa65ed3411734a58162880ca19f 5.2/sparc/mgetty-1.1.22-1.5.x.sparc.rpm 6b69116697c9636a9d3fc59f209d74ff 5.2/sparc/mgetty-sendfax-1.1.22-1.5.x.sparc.rpm 9db43716f48517d4bd6cf22253e975f1 5.2/sparc/mgetty-viewfax-1.1.22-1.5.x.sparc.rpm 1fabca053ad9a520d3065c00d31bb9d9 5.2/sparc/mgetty-voice-1.1.22-1.5.x.sparc.rpm 7b50848c4ef1d27d2c40e9f5e2c74f75 6.2/SRPMS/mgetty-1.1.22-1.6.x.src.rpm 47d1b922a94ffe984a19285f2296907c 6.2/alpha/mgetty-1.1.22-1.6.x.alpha.rpm 52c43e4d8195ee483459c0b273f064f4 6.2/alpha/mgetty-sendfax-1.1.22-1.6.x.alpha.rpm 3927d2ead5ef89b93f3799190af12535 6.2/alpha/mgetty-viewfax-1.1.22-1.6.x.alpha.rpm 4eb7013dee45011c6c7958be40e000fe 6.2/alpha/mgetty-voice-1.1.22-1.6.x.alpha.rpm bd6ee4b93aa742d6cbc92bbae031c345 6.2/i386/mgetty-1.1.22-1.6.x.i386.rpm 3539dc2f5c5bef8819a8bc781e0d3405 6.2/i386/mgetty-sendfax-1.1.22-1.6.x.i386.rpm 3a17e82b398d69c294952773a098c105 6.2/i386/mgetty-viewfax-1.1.22-1.6.x.i386.rpm e61f3413ce93cd30c41eeb29caef2177 6.2/i386/mgetty-voice-1.1.22-1.6.x.i386.rpm 03d15f11dafe000ad55c3290974ae670 6.2/sparc/mgetty-1.1.22-1.6.x.sparc.rpm 7ae49a988c81a450cabc7f2ca6d24a76 6.2/sparc/mgetty-sendfax-1.1.22-1.6.x.sparc.rpm b903bc9f9531ed015248e7e000f58884 6.2/sparc/mgetty-viewfax-1.1.22-1.6.x.sparc.rpm 985ee71161bb9bb1c73325115e0150f3 6.2/sparc/mgetty-voice-1.1.22-1.6.x.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

Thanks also go to Stan Bubrouski, Gert Doering, and mal@mail1.nai.net. Copyright(c) 2000 Red Hat, Inc. `

Package List

Severity

Advisory ID: RHSA-2000:059-02

Issued Date: : 2000-09-07

Updated on: 2000-09-11

Product: Red Hat Linux

Keywords: N/A

Cross references: N/A

Topic

Topic

The mgetty-sendfax package contains a vulnerability which allows any

user with access to the /var/tmp directory to destroy any file on any

mounted filesystem.

Relevant Releases Architectures

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2E - i386, alpha, sparc

Bugs Fixed

Related News

23.Tablet Connections Esm H320

Ubuntu 24.04 Security Enhancements Analyzed

2 - 3 min read

Apr 25, 2024

The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements

4.Lock AbstractDigital Esm H320

Tails 6.2 Improves Security, Expands Multilingual Support

2 - 3 min read

Apr 24, 2024

Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a

19.Laptop Bed Esm H320

Why You Should Consider AlmaLinux 9.4 Beta for Your Desktop

2 - 3 min read

Apr 23, 2024

AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a

32.Lock Code Circular Esm H320

How to Keep Your Linux System Safe from Kernel Bugs

2 - 3 min read

Apr 23, 2024

Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.

1.Penguin Landscape Esm H320

Spectre V2: A New Threat to Linux Systems

2 - 3 min read

Apr 23, 2024

A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's

10.FingerPrint Locks Esm H320

I2P 2.5.0 Release Brings Improvements in Tunnels, I2PSnark & More

2 - 3 min read

Apr 22, 2024

The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew

24.Key Code Esm H320

Akira Ransomware Gang Targets Linux Servers, Extorts $42 Million

2 - 3 min read

Apr 19, 2024

The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on

5.ShakingHands Esm H320

Linus Torvalds Addresses Malicious Developers, Hardware Errors and More at Open Source Summit

2 - 3 min read

Apr 18, 2024

At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved