Date: 26 April 2001
References: ESB-2001.175
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.169 -- Debian Security Advisory DSA 052-1
sendfile broken privileges dropping
26 April 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: sendfile
Vendor: Debian
Operating System: Debian GNU/Linux 2.2
Linux
Platform: Alpha
ARM
Intel
Motorola
PowerPC
Sparc
Impact: Root Compromise
Access Required: Local
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ----------------------------------------------------------------------------
Debian Security Advisory DSA 052-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 23, 2001
- - ----------------------------------------------------------------------------
Package : sendfile
Vulnerability : broken privileges dropping
Problem-Type : local root exploit
Debian-specific: no
Daniel Kobras has discovered and fixed a problem in sendfiled which
caused the daemon not to drop privileges as expected when sendnig
notification mails. Exploiting this a local user can easily make it
execute arbitrary code under root privileges.
We recommend that you upgrade your sendfile packages immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- - ------------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.3.diff.gz
MD5 checksum: 91355d38eb584f73686fc277edb9d6aa
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.3.dsc
MD5 checksum: c9fea4f8195620c2a05088953dbf3306
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1.orig.tar.gz
MD5 checksum: cff003126595d8e77143c42ef898dc10
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/sendfile_2.1-20.3_alpha.deb
MD5 checksum: 94f00bf4b61d0ef2b71014be3e09dc33
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/sendfile_2.1-20.3_arm.deb
MD5 checksum: affd585c9ea55d9b466263161b295dbb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/sendfile_2.1-20.3_i386.deb
MD5 checksum: 0b8437721a0e93672fbecb672c1e3ad3
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/sendfile_2.1-20.3_m68k.deb
MD5 checksum: fbb6585f80028d6af6dfdf2267f0b29a
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sendfile_2.1-20.3_powerpc.deb
MD5 checksum: 4f355d75c926837ae769c7322f9ec3e3
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/sendfile_2.1-20.3_sparc.deb
MD5 checksum: 0f062e9333c54bfd92e6477e0f4a984e
These files will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- - ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE64/4PW5ql+IAeqTIRAvrRAKCxoADQn/2aO8V/FGen2OJ/TFhY3wCgr7fC
ryQewBUJr1+yAj5ATUJGJ3M=
=OtqJ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOug7ASh9+71yA2DNAQEUSwP/VHc5Dw+lxGqn/5hYGuDyFJyot+2srBx3
CHWcTFUHCrFBwYn4N+oBGPmkrK5F5XB2us5EJCG/48m/Q5zlb0HvQAEhAWGVB9bK
gnlIxuak8TZOOihGumuZM5xxNa3kgXyD01L7RjifPxRW9Cvp1BS2kPnWLMvEQdzN
4pSCn72d6Xc=
=RifX
-----END PGP SIGNATURE-----
|