LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 28th, 2014
Linux Advisory Watch: November 21st, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: busybox security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated busybox packages that fix a security issue are now available. BusyBox did not use a salt when generating passwords. This made it easier for local users to guess passwords from a stolen password file.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: busybox security update
Advisory ID:       RHSA-2007:0244-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0244.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          passwd password salt
CVE Names:         CVE-2006-1058 
- ---------------------------------------------------------------------

1. Summary:

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file. 
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

ppc:
fc6013011a2d944a442901c8a0de1400  busybox-1.00.rc1-7.el4.ppc.rpm
db566bb18a8f8e94867a72ca6b0fcffe  busybox-anaconda-1.00.rc1-7.el4.ppc.rpm
c173d1da417e684ecee543c6705839c8  busybox-debuginfo-1.00.rc1-7.el4.ppc.rpm

s390:
11d4fee314ba2cd27668ac83c3578d60  busybox-1.00.rc1-7.el4.s390.rpm
512b3cebe22667f0302529ab275f385e  busybox-anaconda-1.00.rc1-7.el4.s390.rpm
0202d2b541d01c7bccfa37bd631700b5  busybox-debuginfo-1.00.rc1-7.el4.s390.rpm

s390x:
411da7f089bd7137bc8e87e16433873b  busybox-1.00.rc1-7.el4.s390x.rpm
955f8e60ee02fbf5006990ed3ce8320c  busybox-anaconda-1.00.rc1-7.el4.s390x.rpm
c33265d15a9affb07f42563de1748640  busybox-debuginfo-1.00.rc1-7.el4.s390x.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/busybox-1.00.rc1-7.el4.src.rpm
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.