LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: PHP mail vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse the 5th parameter to the mail() function. This vulnerability allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New PHP packages fix vulnerability in safemode
Advisory ID:       RHSA-2002:102-26
Issue date:        2002-05-27
Updated on:        2002-08-19
Product:           Red Hat Linux
Keywords:          mail PHP safemode 5th parameter
Cross references:  
Obsoletes:         RHSA-2002:035
CVE Names:         CAN-2001-1246
---------------------------------------------------------------------

1. Topic:

PHP versions earlier than 4.1.0 contain a vulnerability that could allow
arbitrary commands to be executed.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with Apache. PHP
versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2001-1246 to this issue.

Red Hat Linux version 7.2 shipped with PHP 4.0.6 by default, which is
vulnerable to this issue.

Versions of Red Hat Linux before 7.2 shipped with an earlier version of PHP
not vulnerable to this issue. However, if the the most recent errata
(RHSA-2002:035) was applied to these systems, then they *are* vulnerable
and should be upgraded.

It is highly recommended that all users of PHP upgrade to these errata
packages, which are not vulnerable to this issue.

Please Note:

This PHP errata enforces memory limits on the size of the PHP process to
prevent a badly generated script from becoming a possible source for a
denial of service attack. The default process size is 8Mb though you can
adjust this as you deem necessary thought the php.ini directive
memory_limit. For example, to change the process memory limit to 4MB, add
the following:

memory_limit 4194304

Important Note:

There are special instructions you should follow regarding your
/etc/php.ini configuration file in the Solution section below.

4. Solution:

Please note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and adapt
it to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/php-4.1.2-7.0.3.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-manual-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-odbc-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-imap-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-mysql-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-devel-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-snmp-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-ldap-4.1.2-7.0.3.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-pgsql-4.1.2-7.0.3.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-manual-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-odbc-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-imap-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-mysql-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-devel-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-snmp-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-ldap-4.1.2-7.0.3.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-pgsql-4.1.2-7.0.3.i386.rpm

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/php-4.1.2-7.1.3.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-manual-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-odbc-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-imap-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-mysql-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-devel-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-snmp-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-ldap-4.1.2-7.1.3.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-pgsql-4.1.2-7.1.3.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-manual-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-odbc-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-imap-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-mysql-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-devel-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-snmp-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-ldap-4.1.2-7.1.3.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-pgsql-4.1.2-7.1.3.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-manual-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-odbc-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-imap-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-mysql-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-devel-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-snmp-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-ldap-4.1.2-7.1.3.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-pgsql-4.1.2-7.1.3.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/php-4.1.2-7.2.3.src.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-manual-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-odbc-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-imap-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-mysql-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-devel-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-snmp-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-ldap-4.1.2-7.2.3.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-pgsql-4.1.2-7.2.3.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-manual-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-odbc-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-imap-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-mysql-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-devel-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-snmp-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-ldap-4.1.2-7.2.3.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-pgsql-4.1.2-7.2.3.ia64.rpm

Red Hat Linux 7.3:


SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/php-4.1.2-7.3.3.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-manual-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-odbc-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-imap-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-mysql-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-devel-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-snmp-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-ldap-4.1.2-7.3.3.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-pgsql-4.1.2-7.3.3.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
a2ee962d03d4a66d8b4f064aa7bc4596 7.0/en/os/SRPMS/php-4.1.2-7.0.3.src.rpm
750e7b91eb1b948c1ada6b6e14745019 7.0/en/os/alpha/php-4.1.2-7.0.3.alpha.rpm
7e8630c06b5387206308b2d58d3d2e27 7.0/en/os/alpha/php-devel-4.1.2-7.0.3.alpha.rpm
e99a263708ed7344d6b0dca89a7bedd7 7.0/en/os/alpha/php-imap-4.1.2-7.0.3.alpha.rpm
f9383dea9e04cb29329d40703e83dc9d 7.0/en/os/alpha/php-ldap-4.1.2-7.0.3.alpha.rpm
37f80225c1bc981140ff08b675333f44 7.0/en/os/alpha/php-manual-4.1.2-7.0.3.alpha.rpm
322b0acb43409534b969741d1059158f 7.0/en/os/alpha/php-mysql-4.1.2-7.0.3.alpha.rpm
244f984a506cb4e4ba8ede42d52890ad 7.0/en/os/alpha/php-odbc-4.1.2-7.0.3.alpha.rpm
5cd223c968ba2dd19e6851ab2b650edd 7.0/en/os/alpha/php-pgsql-4.1.2-7.0.3.alpha.rpm
ee25efa287c33c897141564a21ce3f25 7.0/en/os/alpha/php-snmp-4.1.2-7.0.3.alpha.rpm
df35c9aeaf9c254b0489d173ecc7d248 7.0/en/os/i386/php-4.1.2-7.0.3.i386.rpm
e7a51b96b17f65471d7e900af418405b 7.0/en/os/i386/php-devel-4.1.2-7.0.3.i386.rpm
b30b20df764294804528efad22a9a232 7.0/en/os/i386/php-imap-4.1.2-7.0.3.i386.rpm
524665531d576c6e8dbe4ca0588138a0 7.0/en/os/i386/php-ldap-4.1.2-7.0.3.i386.rpm
6e7c5348752eff801507a5474bc523f8 7.0/en/os/i386/php-manual-4.1.2-7.0.3.i386.rpm
9ffd7688ed63a65dc2ba45a39775dfac 7.0/en/os/i386/php-mysql-4.1.2-7.0.3.i386.rpm
97270c6acfb9a7b81b2640fc233d2a80 7.0/en/os/i386/php-odbc-4.1.2-7.0.3.i386.rpm
42760e93ad046f1d355a48b0d65d5506 7.0/en/os/i386/php-pgsql-4.1.2-7.0.3.i386.rpm
8775b297d5b31e0637ba408ffbc35fcf 7.0/en/os/i386/php-snmp-4.1.2-7.0.3.i386.rpm
22eb1586d39c15f391289576cc86df48 7.1/en/os/SRPMS/php-4.1.2-7.1.3.src.rpm
a21ba4abbf2316c753f8e52e6e47f002 7.1/en/os/alpha/php-4.1.2-7.1.3.alpha.rpm
059fafb0eced5dfe9cecf9150f8ecdff 7.1/en/os/alpha/php-devel-4.1.2-7.1.3.alpha.rpm
e912f96d952301e59ee292e6a09c5d17 7.1/en/os/alpha/php-imap-4.1.2-7.1.3.alpha.rpm
3d01db9cd6c18387fc86bad872f19996 7.1/en/os/alpha/php-ldap-4.1.2-7.1.3.alpha.rpm
b02be8a598b1e35847a5717691cfd4eb 7.1/en/os/alpha/php-manual-4.1.2-7.1.3.alpha.rpm
509faf7624f199aa0998608a01067d11 7.1/en/os/alpha/php-mysql-4.1.2-7.1.3.alpha.rpm
89bc30f6f02235261235758419615d85 7.1/en/os/alpha/php-odbc-4.1.2-7.1.3.alpha.rpm
7c88ce1fb8060de300ea6575324b9964 7.1/en/os/alpha/php-pgsql-4.1.2-7.1.3.alpha.rpm
f1a0ef5807f55c6df45002feff5be0aa 7.1/en/os/alpha/php-snmp-4.1.2-7.1.3.alpha.rpm
0e91ea0f81ad8f2e3c14d9599efc864b 7.1/en/os/i386/php-4.1.2-7.1.3.i386.rpm
c8f574834d7acbda486119f52ee0b0d7 7.1/en/os/i386/php-devel-4.1.2-7.1.3.i386.rpm
beaa1ce1217afc83cdeebfba9163c7c1 7.1/en/os/i386/php-imap-4.1.2-7.1.3.i386.rpm
41fcabdc59a3f417623dc9c963a6b45d 7.1/en/os/i386/php-ldap-4.1.2-7.1.3.i386.rpm
9dfb36f4ded01b1d94387a1ac9f87a76 7.1/en/os/i386/php-manual-4.1.2-7.1.3.i386.rpm
60e4469799954c8a36632fc2e753de11 7.1/en/os/i386/php-mysql-4.1.2-7.1.3.i386.rpm
b74c269986aaa4ba4f3f149efbc611da 7.1/en/os/i386/php-odbc-4.1.2-7.1.3.i386.rpm
a043736dd3ae42823bc1e608c50aee97 7.1/en/os/i386/php-pgsql-4.1.2-7.1.3.i386.rpm
6a12c67b6f383d498eef598b193775ad 7.1/en/os/i386/php-snmp-4.1.2-7.1.3.i386.rpm
87ad9a08a1fd3a835581c266639d0d87 7.1/en/os/ia64/php-4.1.2-7.1.3.ia64.rpm
e74adc2cfeefeb9522244410bac2db38 7.1/en/os/ia64/php-devel-4.1.2-7.1.3.ia64.rpm
ff472ad79eca51960a3b0286e5bdf48d 7.1/en/os/ia64/php-imap-4.1.2-7.1.3.ia64.rpm
009f887ea1e3168e031605055c73e44e 7.1/en/os/ia64/php-ldap-4.1.2-7.1.3.ia64.rpm
da6c1c091989de604f316c48a4c4b757 7.1/en/os/ia64/php-manual-4.1.2-7.1.3.ia64.rpm
c11d30cd25d2565ba941857e3a60a7a2 7.1/en/os/ia64/php-mysql-4.1.2-7.1.3.ia64.rpm
166f9ac22b4faf7e4aab0495d1a1467c 7.1/en/os/ia64/php-odbc-4.1.2-7.1.3.ia64.rpm
ce1c8f7f04c6d150c20210d2071a88b6 7.1/en/os/ia64/php-pgsql-4.1.2-7.1.3.ia64.rpm
ff02ebff8b568a476e7d2469a5db901a 7.1/en/os/ia64/php-snmp-4.1.2-7.1.3.ia64.rpm
17767caa1c540ae7467032b507dc537b 7.2/en/os/SRPMS/php-4.1.2-7.2.3.src.rpm
5ee69c9773909727327b52ac257f9c7f 7.2/en/os/i386/php-4.1.2-7.2.3.i386.rpm
7660b8e758d56a6b176ecfc9b511e0f1 7.2/en/os/i386/php-devel-4.1.2-7.2.3.i386.rpm
0fcdfc60bdb7984f676f1f1433307f02 7.2/en/os/i386/php-imap-4.1.2-7.2.3.i386.rpm
422f4977bf916c14ade9b1f508279f5a 7.2/en/os/i386/php-ldap-4.1.2-7.2.3.i386.rpm
69f78016ffdbde0b250548d04653a78e 7.2/en/os/i386/php-manual-4.1.2-7.2.3.i386.rpm
d50c9c8054bb98eb18b2233392c7791f 7.2/en/os/i386/php-mysql-4.1.2-7.2.3.i386.rpm
c9a434dec3de1aa47a43f8fe1977eab1 7.2/en/os/i386/php-odbc-4.1.2-7.2.3.i386.rpm
8a9781796430c4c11b490e8bfe9aa1d1 7.2/en/os/i386/php-pgsql-4.1.2-7.2.3.i386.rpm
f5feae57a884690a8c20098938371af8 7.2/en/os/i386/php-snmp-4.1.2-7.2.3.i386.rpm
716e0dd9ea1049c4c38957120d41aaf5 7.2/en/os/ia64/php-4.1.2-7.2.3.ia64.rpm
42702bc5eef0a42b2be3b6562ff48a73 7.2/en/os/ia64/php-devel-4.1.2-7.2.3.ia64.rpm
a9bf2a4cca701b9fe83c5f6e9e9ae4e2 7.2/en/os/ia64/php-imap-4.1.2-7.2.3.ia64.rpm
18ae95909ca09ec897e313828b9d3eb8 7.2/en/os/ia64/php-ldap-4.1.2-7.2.3.ia64.rpm
6223f95f7279913fde43c992fe17301a 7.2/en/os/ia64/php-manual-4.1.2-7.2.3.ia64.rpm
649c0fa4c72ac1bb9e08c935dba3ce7d 7.2/en/os/ia64/php-mysql-4.1.2-7.2.3.ia64.rpm
0ce6494f01975351bd926beec07c3a7f 7.2/en/os/ia64/php-odbc-4.1.2-7.2.3.ia64.rpm
7fd8108c6fa9f553516dfb4c6d857cf0 7.2/en/os/ia64/php-pgsql-4.1.2-7.2.3.ia64.rpm
53377d928d58310481097ae001689da8 7.2/en/os/ia64/php-snmp-4.1.2-7.2.3.ia64.rpm
91f6379bc8ada6024971b80c6d553cca 7.3/en/os/SRPMS/php-4.1.2-7.3.3.src.rpm
236c34f6696dfce574270e05f53d863b 7.3/en/os/i386/php-4.1.2-7.3.3.i386.rpm
b1d20691d59cd9cef8b0e6671099c216 7.3/en/os/i386/php-devel-4.1.2-7.3.3.i386.rpm
34e57c7bc9ea368f9d4e32a1e2d1e908 7.3/en/os/i386/php-imap-4.1.2-7.3.3.i386.rpm
1fdc4d0de35fc93e66ec6601b8b32b03 7.3/en/os/i386/php-ldap-4.1.2-7.3.3.i386.rpm
02d02c10053f3738e13180520af22b1c 7.3/en/os/i386/php-manual-4.1.2-7.3.3.i386.rpm
98e8d5b9458d5dc26d57c5216e7d0877 7.3/en/os/i386/php-mysql-4.1.2-7.3.3.i386.rpm
9fb7dc54903aae71b907b4f86544e80e 7.3/en/os/i386/php-odbc-4.1.2-7.3.3.i386.rpm
c664feafa07b2b1f754e0cc37bcc0eeb 7.3/en/os/i386/php-pgsql-4.1.2-7.3.3.i386.rpm
c1de92828fedb0e88ed73a6ba4c94303 7.3/en/os/i386/php-snmp-4.1.2-7.3.3.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 


7. References:
 
http://online.securityfocus.com/archive/1/194425 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1246



Copyright(c) 2000, 2001, 2002 Red Hat, Inc.


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.