
[linux-security] usermode package rereleased



Synopsis
========
The usermode package contains a bug that may be exploited by a local user to
gain root privileges.
There was an earlier advisory about this issue; however, the fix it provided
was incomplete, so systems that applied it are still affected.

Problem description
===================
The usermode package contains a binary (/usr/bin/userhelper), which is used
to control access to programs which are to be executed as root.  userhelper
itself is setuid-root, but the programs it invokes are not: they simply run
as root with userhelper's environment.  Because they are not running
setuid-root, the security measures built into recent versions of glibc,
which only take effect in setuid processes (glibc then refuses to take locale
and message-catalog locations from user-controlled environment variables),
are not active in them.

If one of these programs supports internationalized text messages, its
printf-style format strings are looked up in a message catalog selected by
the locale.  A malicious user can set the LANG or LC_ALL environment
variables (which are inherited by userhelper and, in turn, by any programs
it runs) to point the locale at a directory he controls, supply a catalog
whose "translations" contain extra conversions such as %n, and thereby turn
an ordinary message into a format-string exploit running as root.
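The following is an added illustration, not code from the advisory or from the usermode package.  It shows both halves of the problem described above in C: a constructed, in-memory stand-in for an attacker-supplied message catalog whose translation of a msgid injects %n, a check (a simplified, runtime version of what msgfmt --check-format does at build time) that refuses a translation whose conversions differ from the source string, and the wrapper-side defense a setuid program such as userhelper needs, namely rejecting locale variables whose values could steer glibc to a user-controlled directory.  The catalog contents, the environment entries and the function names are all assumptions made for this example; the check deliberately does not support positional (%2$s) reordering.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a gettext message catalog (.mo file).  The first
 * entry is what an attacker-controlled catalog would contain: the source
 * format takes one %s, the "translation" adds %n conversions that write to
 * memory when the string reaches printf(). */
struct msg { const char *msgid; const char *msgstr; };

static const struct msg evil_catalog[] = {
    { "Permission denied for %s\n", "%s %n%n%n%n\n" },   /* attacker-supplied */
    { "Welcome, %s\n",              "Bienvenue, %s\n" }, /* benign translation */
    { NULL, NULL }
};

/* gettext() semantics: return the translation, or the msgid itself when the
 * catalog has no entry for it. */
static const char *catalog_lookup(const struct msg *cat, const char *msgid)
{
    for (; cat->msgid; cat++)
        if (strcmp(cat->msgid, msgid) == 0)
            return cat->msgstr;
    return msgid;
}

/* Collect the conversion characters of a printf format into out[] (e.g.
 * "%5.2f %-10s %%" -> "fs").  Returns the count, or -1 if the format is
 * malformed, uses '*' (consumes an extra argument) or uses %n. */
static int fmt_conversions(const char *fmt, char *out, size_t outlen)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                         /* literal percent sign */
            continue;
        while (*p && strchr("-+ #0", *p))      /* flags */
            p++;
        while (*p && (isdigit((unsigned char)*p) || *p == '.' || *p == '$' || *p == '*')) {
            if (*p == '*')                     /* width/precision from an argument */
                return -1;
            p++;
        }
        while (*p && strchr("hlLqjzt", *p))    /* length modifiers */
            p++;
        if (*p == '\0' || *p == 'n')           /* dangling '%' or %n */
            return -1;
        if (n + 1 >= outlen)
            return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return (int)n;
}

/* A translation is accepted only if it uses exactly the conversions of the
 * source string, in the same order. */
static bool translation_is_safe(const char *msgid, const char *msgstr)
{
    char a[32], b[32];
    int na = fmt_conversions(msgid, a, sizeof a);
    int nb = fmt_conversions(msgstr, b, sizeof b);
    return na >= 0 && nb >= 0 && strcmp(a, b) == 0;
}

/* Hardened lookup: fall back to the untranslated msgid when the catalog
 * entry does not match the source format. */
static const char *safe_gettext(const struct msg *cat, const char *msgid)
{
    const char *tr = catalog_lookup(cat, msgid);
    return translation_is_safe(msgid, tr) ? tr : msgid;
}

/* Wrapper-side defense: a locale name may only consist of [A-Za-z0-9_.@-]
 * and must not start with '.', so it cannot name a path such as
 * "../../tmp/evil" or "/tmp/evil". */
static bool locale_value_is_safe(const char *v)
{
    if (*v == '\0' || *v == '.')
        return false;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("_.@-", *v))
            return false;
    return true;
}

/* Decide whether an environment entry ("NAME=value") must be dropped before
 * a setuid wrapper exec()s a child as root.  NLSPATH is a path list by
 * definition and is never forwarded; LANG, LANGUAGE and LC_* are forwarded
 * only with a plain locale name. */
static bool env_entry_should_drop(const char *entry)
{
    static const char *const prefixes[] = { "LANG=", "LANGUAGE=", "LC_", "NLSPATH=", NULL };
    for (int i = 0; prefixes[i]; i++) {
        if (strncmp(entry, prefixes[i], strlen(prefixes[i])) != 0)
            continue;
        const char *eq = strchr(entry, '=');
        if (eq == NULL || strcmp(prefixes[i], "NLSPATH=") == 0)
            return true;
        return !locale_value_is_safe(eq + 1);
    }
    return false;
}

int main(void)
{
    /* Constructed environment as a setuid wrapper might inherit it. */
    const char *env[] = { "PATH=/usr/bin", "LANG=../../tmp/evil", "LC_ALL=en_US", "NLSPATH=/tmp/%N", NULL };
    for (int i = 0; env[i]; i++)
        printf("%-8s %s\n", env_entry_should_drop(env[i]) ? "drop" : "keep", env[i]);

    const char *msgid = "Permission denied for %s\n";
    /* Vulnerable pattern: printf(catalog_lookup(evil_catalog, msgid), user)
     * would hand the attacker's %n string to printf.  The hardened lookup
     * returns the source format instead. */
    printf("format used: %s", safe_gettext(evil_catalog, msgid));
    return 0;
}
```

The first check belongs in the program that does the formatting; the second belongs in the setuid wrapper, since the child cannot know that its environment came from a less privileged user.  Dropping the variables outright (rather than validating them) is the simpler choice where the child does not need localized output.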

These updated packages also fix a problem caused by an incorrect path
specification in the /usr/bin/shutdown wrapper script, and close a further
potential security vulnerability in the userhelper binary itself.

Affected Systems
================
RedHat Linux and distributions derived from it

Solution
========
RedHat 6.x
upgrade both the usermode and SysVinit packages, e.g.,
rpm -Uvh SysVinit-2.78-5.i386.rpm usermode-1.37-1.6.i386.rpm

RedHat 7.0
upgrade the usermode package, e.g.,
rpm -Fvh usermode-1.37-2.i386.rpm

Mandrake
this distribution is almost certainly affected, although Mandrake doesn't
seem to have released updated packages yet.
Check the relevant Mandrake errata page.