LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: 'php' Unauthorized access Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
RedHat Linux PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()function allowing local script authors to bypass safe mode restrictionsand possibly allowing remote attackers to insert arbitrary mail headers andcontent into the message.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New PHP packages fix vulnerability in mail function
Advisory ID:       RHSA-2002:213-06
Issue date:        2002-11-11
Updated on:        2002-11-11
Product:           Red Hat Linux
Keywords:          mail PHP safemode
Cross references:  
Obsoletes:         RHSA-2002:102
CVE Names:         CAN-2002-0985 CAN-2002-0986
---------------------------------------------------------------------

1. Topic:

PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function allowing local script authors to bypass safe mode restrictions
and possibly allowing remote attackers to insert arbitrary mail headers and
content into the message.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server. 

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that all input data should be checked for
unsafe data by any PHP scripts which call functions such as mail().

Note that this PHP errata, as did RHSA-2002:102, enforces memory limits on
the size of the PHP process to prevent a badly generated script from
becoming a possible source for a denial of service attack. The default
process size is 8MB, though you can adjust this as you deem necessary
through the php.ini directive memory_limit. For example, to change the
process memory limit to 4MB, add the following:

memory_limit 4194304

Important Note:

There are special instructions you should follow regarding your
/etc/php.ini configuration file in the "Solution" section below.

4. Solution:

Note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and adapt
it to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.0:

SRPMS: 
ftp://updates.Red Hat.com/7.0/en/os/SRPMS/php-4.1.2-7.0.6.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-manual-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-odbc-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-imap-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-mysql-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-devel-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-snmp-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-ldap-4.1.2-7.0.6.alpha.rpm 
ftp://updates.Red Hat.com/7.0/en/os/alpha/php-pgsql-4.1.2-7.0.6.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-manual-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-odbc-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-imap-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-mysql-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-devel-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-snmp-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-ldap-4.1.2-7.0.6.i386.rpm 
ftp://updates.Red Hat.com/7.0/en/os/i386/php-pgsql-4.1.2-7.0.6.i386.rpm

Red Hat Linux 7.1:

SRPMS: 
ftp://updates.Red Hat.com/7.1/en/os/SRPMS/php-4.1.2-7.1.6.src.rpm

alpha: 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-manual-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-odbc-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-imap-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-mysql-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-devel-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-snmp-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-ldap-4.1.2-7.1.6.alpha.rpm 
ftp://updates.Red Hat.com/7.1/en/os/alpha/php-pgsql-4.1.2-7.1.6.alpha.rpm

i386: 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-manual-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-odbc-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-imap-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-mysql-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-devel-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-snmp-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-ldap-4.1.2-7.1.6.i386.rpm 
ftp://updates.Red Hat.com/7.1/en/os/i386/php-pgsql-4.1.2-7.1.6.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-manual-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-odbc-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-imap-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-mysql-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-devel-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-snmp-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-ldap-4.1.2-7.1.6.ia64.rpm 
ftp://updates.Red Hat.com/7.1/en/os/ia64/php-pgsql-4.1.2-7.1.6.ia64.rpm

Red Hat Linux 7.2:

SRPMS: 
ftp://updates.Red Hat.com/7.2/en/os/SRPMS/php-4.1.2-7.2.6.src.rpm

i386: 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-manual-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-odbc-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-imap-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-mysql-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-devel-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-snmp-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-ldap-4.1.2-7.2.6.i386.rpm 
ftp://updates.Red Hat.com/7.2/en/os/i386/php-pgsql-4.1.2-7.2.6.i386.rpm

ia64: 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-manual-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-odbc-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-imap-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-mysql-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-devel-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-snmp-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-ldap-4.1.2-7.2.6.ia64.rpm 
ftp://updates.Red Hat.com/7.2/en/os/ia64/php-pgsql-4.1.2-7.2.6.ia64.rpm

Red Hat Linux 7.3:

SRPMS: 
ftp://updates.Red Hat.com/7.3/en/os/SRPMS/php-4.1.2-7.3.6.src.rpm

i386: 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-manual-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-odbc-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-imap-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-mysql-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-devel-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-snmp-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-ldap-4.1.2-7.3.6.i386.rpm 
ftp://updates.Red Hat.com/7.3/en/os/i386/php-pgsql-4.1.2-7.3.6.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
90485525497c469a4ebad9f4cdb12df8 7.0/en/os/SRPMS/php-4.1.2-7.0.6.src.rpm
084a7d46f430c3bbebb166e4e7dafccc 7.0/en/os/alpha/php-4.1.2-7.0.6.alpha.rpm
94633a4880759a222f2bf80e8e819279 7.0/en/os/alpha/php-devel-4.1.2-7.0.6.alpha.rpm
95bb88ac38275e294c1050ac8997ca78 7.0/en/os/alpha/php-imap-4.1.2-7.0.6.alpha.rpm
06478932240a2aae3c248393c206ac18 7.0/en/os/alpha/php-ldap-4.1.2-7.0.6.alpha.rpm
8ffee623bf1079478a2f8e0b3bc51e08 7.0/en/os/alpha/php-manual-4.1.2-7.0.6.alpha.rpm
9794474d1998299e5cbf87f43fad84f4 7.0/en/os/alpha/php-mysql-4.1.2-7.0.6.alpha.rpm
3c9b5bd9d7018979f5e6922ac4c8b281 7.0/en/os/alpha/php-odbc-4.1.2-7.0.6.alpha.rpm
dd9307df88f26af9ca98ccd8eb9cb4a1 7.0/en/os/alpha/php-pgsql-4.1.2-7.0.6.alpha.rpm
e88fc66b1bc54caa9e11c95b81fac09c 7.0/en/os/alpha/php-snmp-4.1.2-7.0.6.alpha.rpm
2087ee40822db5d1e15ad45d0a6927a0 7.0/en/os/i386/php-4.1.2-7.0.6.i386.rpm
1f890ae3e3811b0937d5d0fd75d80008 7.0/en/os/i386/php-devel-4.1.2-7.0.6.i386.rpm
a198cd678bc2769ff4c90c85132a8377 7.0/en/os/i386/php-imap-4.1.2-7.0.6.i386.rpm
19a42e427909ae7e70d48df284916c8a 7.0/en/os/i386/php-ldap-4.1.2-7.0.6.i386.rpm
886ce44baff31734f86fb6edb8b48f84 7.0/en/os/i386/php-manual-4.1.2-7.0.6.i386.rpm
dedcbf8e54013deb1acb32fed15d54ee 7.0/en/os/i386/php-mysql-4.1.2-7.0.6.i386.rpm
71dde819dad0e0f64b38eba29da5d886 7.0/en/os/i386/php-odbc-4.1.2-7.0.6.i386.rpm
a8c53e2406a1030570f56ea638929c1b 7.0/en/os/i386/php-pgsql-4.1.2-7.0.6.i386.rpm
1beb7c51989d53d7c69f9789cc66f9f4 7.0/en/os/i386/php-snmp-4.1.2-7.0.6.i386.rpm
6aa08613e86ec4b0751ecef7c59dd776 7.1/en/os/SRPMS/php-4.1.2-7.1.6.src.rpm
c998281ee18aa0eca71f2016389303df 7.1/en/os/alpha/php-4.1.2-7.1.6.alpha.rpm
9d84c486e9a3ba7cc06ded6266fec4cd 7.1/en/os/alpha/php-devel-4.1.2-7.1.6.alpha.rpm
535159e4058e4071da35b7aca17480d9 7.1/en/os/alpha/php-imap-4.1.2-7.1.6.alpha.rpm
4da8201f746aef01814a65ab91de11cb 7.1/en/os/alpha/php-ldap-4.1.2-7.1.6.alpha.rpm
b1ee6cd91a2bc9419360fb8e19db3799 7.1/en/os/alpha/php-manual-4.1.2-7.1.6.alpha.rpm
6915c0b726d8e940aa9ea1186e7fac01 7.1/en/os/alpha/php-mysql-4.1.2-7.1.6.alpha.rpm
2ad85a017151c67500274b705eb63068 7.1/en/os/alpha/php-odbc-4.1.2-7.1.6.alpha.rpm
55e772bb4fa8a0c4f374fa765bc4dd50 7.1/en/os/alpha/php-pgsql-4.1.2-7.1.6.alpha.rpm
473568869164589f88e3ab6b5ccfd740 7.1/en/os/alpha/php-snmp-4.1.2-7.1.6.alpha.rpm
5dc6df9aea830c63e53de060f09eab35 7.1/en/os/i386/php-4.1.2-7.1.6.i386.rpm
50e5e688c8b96b39aabc60fb21c31117 7.1/en/os/i386/php-devel-4.1.2-7.1.6.i386.rpm
453ae087a6c61ebf2243438721f38f76 7.1/en/os/i386/php-imap-4.1.2-7.1.6.i386.rpm
a3e13d3311c0e42f8afdc8bcc5d6febb 7.1/en/os/i386/php-ldap-4.1.2-7.1.6.i386.rpm
439133a1fbc04fbf416c0969192f8863 7.1/en/os/i386/php-manual-4.1.2-7.1.6.i386.rpm
585169e96d346ef0b40f31a3e8a10acf 7.1/en/os/i386/php-mysql-4.1.2-7.1.6.i386.rpm
3a10578944aa7f8b3644161f80cc508b 7.1/en/os/i386/php-odbc-4.1.2-7.1.6.i386.rpm
86289d09f17a996bb2ba10195f19e4db 7.1/en/os/i386/php-pgsql-4.1.2-7.1.6.i386.rpm
f1d0a3e7b156cfc1456e530bed0f24d9 7.1/en/os/i386/php-snmp-4.1.2-7.1.6.i386.rpm
756fb7a0f1cf9e553336985b457ca031 7.1/en/os/ia64/php-4.1.2-7.1.6.ia64.rpm
adf1441f6531bcbf4c28099ea6b2b043 7.1/en/os/ia64/php-devel-4.1.2-7.1.6.ia64.rpm
1ffbe521674b69e4dd803f83ff93fd11 7.1/en/os/ia64/php-imap-4.1.2-7.1.6.ia64.rpm
a73a8d1442eb3ddfe4d04ab1f5fa5537 7.1/en/os/ia64/php-ldap-4.1.2-7.1.6.ia64.rpm
e223b0684b29a924517f805d8058c51f 7.1/en/os/ia64/php-manual-4.1.2-7.1.6.ia64.rpm
854ee2456eaa097a5d1a982ab700fb52 7.1/en/os/ia64/php-mysql-4.1.2-7.1.6.ia64.rpm
b403ad7a65003754915a2d69d227bfba 7.1/en/os/ia64/php-odbc-4.1.2-7.1.6.ia64.rpm
de9880f7bb9be4b2d762d3a1f0a904c5 7.1/en/os/ia64/php-pgsql-4.1.2-7.1.6.ia64.rpm
2daf7b792b1c7e31d9e67738a1f25ddc 7.1/en/os/ia64/php-snmp-4.1.2-7.1.6.ia64.rpm
d1200bf5bb11f41a2d7cfccb7e81a546 7.2/en/os/SRPMS/php-4.1.2-7.2.6.src.rpm
6878faca22f015da9f3f68ac568b13d9 7.2/en/os/i386/php-4.1.2-7.2.6.i386.rpm
cee00c2d2a4cee6e8b6c3c8f37ea89fe 7.2/en/os/i386/php-devel-4.1.2-7.2.6.i386.rpm
557c9f75d8fbdf6e06154cd4fa97002e 7.2/en/os/i386/php-imap-4.1.2-7.2.6.i386.rpm
e4814351b9db60cb7d7b8801eb543e1d 7.2/en/os/i386/php-ldap-4.1.2-7.2.6.i386.rpm
a74aca25eef4838c4aa56722e7c59213 7.2/en/os/i386/php-manual-4.1.2-7.2.6.i386.rpm
f393631c119c73e78ea1a441229f6a34 7.2/en/os/i386/php-mysql-4.1.2-7.2.6.i386.rpm
a59dc41370ce0a1867ec603567e75c91 7.2/en/os/i386/php-odbc-4.1.2-7.2.6.i386.rpm
9db516d929d817375e5df1e65cec8874 7.2/en/os/i386/php-pgsql-4.1.2-7.2.6.i386.rpm
57a7738197dec4bdc49ddf164b1f8ee7 7.2/en/os/i386/php-snmp-4.1.2-7.2.6.i386.rpm
f57ed9a83fe2205b500c3c604bc4b50e 7.2/en/os/ia64/php-4.1.2-7.2.6.ia64.rpm
c21dbae091815b81de1b2cb88e5b2088 7.2/en/os/ia64/php-devel-4.1.2-7.2.6.ia64.rpm
578792bfed2b1cacae39ab44072cac2a 7.2/en/os/ia64/php-imap-4.1.2-7.2.6.ia64.rpm
cd49f2ac0192b8da16ee98386641dc99 7.2/en/os/ia64/php-ldap-4.1.2-7.2.6.ia64.rpm
684f534069f2c533e08d83c54c7a7946 7.2/en/os/ia64/php-manual-4.1.2-7.2.6.ia64.rpm
0c270888c9c049335e3e4d907b97841c 7.2/en/os/ia64/php-mysql-4.1.2-7.2.6.ia64.rpm
90a15b51bf3f14bb19a53b7efd90c239 7.2/en/os/ia64/php-odbc-4.1.2-7.2.6.ia64.rpm
95835a51257fb5b337e335f635654bdd 7.2/en/os/ia64/php-pgsql-4.1.2-7.2.6.ia64.rpm
2d7b408823c692d8b347a4a280dc1b9e 7.2/en/os/ia64/php-snmp-4.1.2-7.2.6.ia64.rpm
49856911f9172d859529190d65358953 7.3/en/os/SRPMS/php-4.1.2-7.3.6.src.rpm
d541da613f5eae7b3f153b0622099b5f 7.3/en/os/i386/php-4.1.2-7.3.6.i386.rpm
8d08d1daae515fd1516bee5fef782fa9 7.3/en/os/i386/php-devel-4.1.2-7.3.6.i386.rpm
d2a49ba3a04906a01a9e3ea01ebe7013 7.3/en/os/i386/php-imap-4.1.2-7.3.6.i386.rpm
ec745cc76cd4f01f095d3dd8b1fb8683 7.3/en/os/i386/php-ldap-4.1.2-7.3.6.i386.rpm
2cb508396bd1d00e831f996644166df2 7.3/en/os/i386/php-manual-4.1.2-7.3.6.i386.rpm
8b6d67c4984cd5331e20e40813ecf9dd 7.3/en/os/i386/php-mysql-4.1.2-7.3.6.i386.rpm
3915f34de79134e5c471893516462b75 7.3/en/os/i386/php-odbc-4.1.2-7.3.6.i386.rpm
e95d036edde0c536ef70bd9d43d29ef0 7.3/en/os/i386/php-pgsql-4.1.2-7.3.6.i386.rpm
ed7d6075641acb74f3c3a59f929bcc63 7.3/en/os/i386/php-snmp-4.1.2-7.3.6.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at  http://www.Red Hat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


7. References:
 
http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986

8. Contact:

The Red Hat security contact is <security@Red Hat.com>.  More contact
details at  http://www.Red Hat.com/solutions/security/news/contact.html

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.





 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.