- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Low: busybox security update
Advisory ID:       RHSA-2007:0244-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0244.html
Issue date:        2007-05-01
Updated on:        2007-05-01
Product:           Red Hat Enterprise Linux
Keywords:          passwd password salt
CVE Names:         CVE-2006-1058 
- ---------------------------------------------------------------------1. Summary:

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file. 
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

ppc:
fc6013011a2d944a442901c8a0de1400  busybox-1.00.rc1-7.el4.ppc.rpm
db566bb18a8f8e94867a72ca6b0fcffe  busybox-anaconda-1.00.rc1-7.el4.ppc.rpm
c173d1da417e684ecee543c6705839c8  busybox-debuginfo-1.00.rc1-7.el4.ppc.rpm

s390:
11d4fee314ba2cd27668ac83c3578d60  busybox-1.00.rc1-7.el4.s390.rpm
512b3cebe22667f0302529ab275f385e  busybox-anaconda-1.00.rc1-7.el4.s390.rpm
0202d2b541d01c7bccfa37bd631700b5  busybox-debuginfo-1.00.rc1-7.el4.s390.rpm

s390x:
411da7f089bd7137bc8e87e16433873b  busybox-1.00.rc1-7.el4.s390x.rpm
955f8e60ee02fbf5006990ed3ce8320c  busybox-anaconda-1.00.rc1-7.el4.s390x.rpm
c33265d15a9affb07f42563de1748640  busybox-debuginfo-1.00.rc1-7.el4.s390x.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ea2688de7955de4405bfc008b05378c3  busybox-1.00.rc1-7.el4.src.rpm

i386:
0c75c06c661fa74ae832fcc4a7153ab8  busybox-1.00.rc1-7.el4.i386.rpm
daf7431daa3182f804f1b894dadab07f  busybox-anaconda-1.00.rc1-7.el4.i386.rpm
0461ac0f9559603d5d63b3f3caddf5d9  busybox-debuginfo-1.00.rc1-7.el4.i386.rpm

ia64:
18a46f64c36e642650a9ebb363b54b0e  busybox-1.00.rc1-7.el4.ia64.rpm
3b590129989305b1c24a1de53c7ae08d  busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
ba4c2058d9fc7bb310639ede4d89c581  busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm

x86_64:
e5a89cfec326d1a3ad4b20c0c2c491b6  busybox-1.00.rc1-7.el4.x86_64.rpm
b43c019639dff4050734fb850aecdd1e  busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
15cfbd33e8f4778569d3dbeb775c8303  busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

RedHat: Low: busybox security update

Updated busybox packages that fix a security issue are now available. BusyBox did not use a salt when generating passwords

Summary



Summary

Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be useful for recovering from certain types of system failures. BusyBox did not use a salt when generating passwords. This made it easier for local users to guess passwords from a stolen password file. (CVE-2006-1058) All users of busybox are advised to upgrade to these updated packages, which contain a patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ea2688de7955de4405bfc008b05378c3 busybox-1.00.rc1-7.el4.src.rpm
i386: 0c75c06c661fa74ae832fcc4a7153ab8 busybox-1.00.rc1-7.el4.i386.rpm daf7431daa3182f804f1b894dadab07f busybox-anaconda-1.00.rc1-7.el4.i386.rpm 0461ac0f9559603d5d63b3f3caddf5d9 busybox-debuginfo-1.00.rc1-7.el4.i386.rpm
ia64: 18a46f64c36e642650a9ebb363b54b0e busybox-1.00.rc1-7.el4.ia64.rpm 3b590129989305b1c24a1de53c7ae08d busybox-anaconda-1.00.rc1-7.el4.ia64.rpm ba4c2058d9fc7bb310639ede4d89c581 busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm
ppc: fc6013011a2d944a442901c8a0de1400 busybox-1.00.rc1-7.el4.ppc.rpm db566bb18a8f8e94867a72ca6b0fcffe busybox-anaconda-1.00.rc1-7.el4.ppc.rpm c173d1da417e684ecee543c6705839c8 busybox-debuginfo-1.00.rc1-7.el4.ppc.rpm
s390: 11d4fee314ba2cd27668ac83c3578d60 busybox-1.00.rc1-7.el4.s390.rpm 512b3cebe22667f0302529ab275f385e busybox-anaconda-1.00.rc1-7.el4.s390.rpm 0202d2b541d01c7bccfa37bd631700b5 busybox-debuginfo-1.00.rc1-7.el4.s390.rpm
s390x: 411da7f089bd7137bc8e87e16433873b busybox-1.00.rc1-7.el4.s390x.rpm 955f8e60ee02fbf5006990ed3ce8320c busybox-anaconda-1.00.rc1-7.el4.s390x.rpm c33265d15a9affb07f42563de1748640 busybox-debuginfo-1.00.rc1-7.el4.s390x.rpm
x86_64: e5a89cfec326d1a3ad4b20c0c2c491b6 busybox-1.00.rc1-7.el4.x86_64.rpm b43c019639dff4050734fb850aecdd1e busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm 15cfbd33e8f4778569d3dbeb775c8303 busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: ea2688de7955de4405bfc008b05378c3 busybox-1.00.rc1-7.el4.src.rpm
i386: 0c75c06c661fa74ae832fcc4a7153ab8 busybox-1.00.rc1-7.el4.i386.rpm daf7431daa3182f804f1b894dadab07f busybox-anaconda-1.00.rc1-7.el4.i386.rpm 0461ac0f9559603d5d63b3f3caddf5d9 busybox-debuginfo-1.00.rc1-7.el4.i386.rpm
x86_64: e5a89cfec326d1a3ad4b20c0c2c491b6 busybox-1.00.rc1-7.el4.x86_64.rpm b43c019639dff4050734fb850aecdd1e busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm 15cfbd33e8f4778569d3dbeb775c8303 busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ea2688de7955de4405bfc008b05378c3 busybox-1.00.rc1-7.el4.src.rpm
i386: 0c75c06c661fa74ae832fcc4a7153ab8 busybox-1.00.rc1-7.el4.i386.rpm daf7431daa3182f804f1b894dadab07f busybox-anaconda-1.00.rc1-7.el4.i386.rpm 0461ac0f9559603d5d63b3f3caddf5d9 busybox-debuginfo-1.00.rc1-7.el4.i386.rpm
ia64: 18a46f64c36e642650a9ebb363b54b0e busybox-1.00.rc1-7.el4.ia64.rpm 3b590129989305b1c24a1de53c7ae08d busybox-anaconda-1.00.rc1-7.el4.ia64.rpm ba4c2058d9fc7bb310639ede4d89c581 busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm
x86_64: e5a89cfec326d1a3ad4b20c0c2c491b6 busybox-1.00.rc1-7.el4.x86_64.rpm b43c019639dff4050734fb850aecdd1e busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm 15cfbd33e8f4778569d3dbeb775c8303 busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ea2688de7955de4405bfc008b05378c3 busybox-1.00.rc1-7.el4.src.rpm
i386: 0c75c06c661fa74ae832fcc4a7153ab8 busybox-1.00.rc1-7.el4.i386.rpm daf7431daa3182f804f1b894dadab07f busybox-anaconda-1.00.rc1-7.el4.i386.rpm 0461ac0f9559603d5d63b3f3caddf5d9 busybox-debuginfo-1.00.rc1-7.el4.i386.rpm
ia64: 18a46f64c36e642650a9ebb363b54b0e busybox-1.00.rc1-7.el4.ia64.rpm 3b590129989305b1c24a1de53c7ae08d busybox-anaconda-1.00.rc1-7.el4.ia64.rpm ba4c2058d9fc7bb310639ede4d89c581 busybox-debuginfo-1.00.rc1-7.el4.ia64.rpm
x86_64: e5a89cfec326d1a3ad4b20c0c2c491b6 busybox-1.00.rc1-7.el4.x86_64.rpm b43c019639dff4050734fb850aecdd1e busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm 15cfbd33e8f4778569d3dbeb775c8303 busybox-debuginfo-1.00.rc1-7.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058 http://www.redhat.com/security/updates/classification/#low

Package List


Severity
Advisory ID: RHSA-2007:0244-02
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0244.html
Issued Date: : 2007-05-01
Updated on: 2007-05-01
Product: Red Hat Enterprise Linux
Keywords: passwd password salt
CVE Names: CVE-2006-1058 Updated busybox packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved