[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] Welcome and initial advisory

To: linux-security
Subject: [linux-security] Welcome and initial advisory
Date: Wed, 4 Oct 2000 17:19:48 -0700 (PDT)

Hello everybody,
this is (besides the automated welcome) the "official" welcome to
SFU's linux-security mailing list. The purpose of the list is primarily
announcements of vulnerabilities of the Linux operating system.
That is, this is not a discussion list and I will try to keep the volume
on this list as low as possible. If you want to discuss other issues, please
send mail to me personally, not to the list.

As mentioned on the web page
http://www.sfu.ca/acs/security/linux-security.html
one of the most important tasks is to stay up-to-date with patches.
Below I list a number of security related bugs that emerged within the
last half year. If you haven't done so already, you have to fix these!
Note, that the list is by no means complete - there is no substitute for
checking the errata/patch/security web page for your distribution.
Also note that although I list in most cases rpms, these problems are
by no means RedHat-only problems. They affect almost all Linux distributions.
(I just happen to know the patched versions for RedHat; you have to find
the patches yourself, if you use a different distribution).

Anyway, here is the list:

(1) Linux kernel bug - local root exploit: 
    upgrate kernel to (at least) version 2.2.16
(2) wu-ftpd SITE EXEC bug - remote root exploit: 
    upgrade to version 2.6.1
    (for RedHat it suffices to upgrade to at least
      wu-ftpd-2.6.0-14.6x.i386.rpm)
    Currently, this is by far the most popular exploits under hackers!
(3) rpc.statd exploit - (possibly) remote root exploit
    upgrade to nfs-utils-0.1.9.1-1.i386.rpm 
(5) various Netscape bugs: upgrade to version 4.75
(6) suidperl bug - local root exploit: 
    upgrade to perl-5.00503-12.i386.rpm
    [remark: you also have to upgrade rpm in order to install this packages:
            get rpm-3.0.5-9.6x.i386.rpm 
            Redhat also recommends to upgrade to mailx-8.1.1-16.i386.rpm]
    workaround: (recommended!) chmod 755 /usr/bin/suidperl
    This is recommended even if you upgrade to the new version!
(7) syslog format bug - local (possibly remote) root exploit
    upgrade to sysklogd-1.3.31-17.i386.rpm
(8) glibc bugs - local root exploit
    upgrade to glibc-2.1.3-21.i386.rpm 
               glibc-devel-2.1.3-21.i386.rpm 
               glibc-profile-2.1.3-21.i386.rpm 
               nscd-2.1.3-21.i386.rpm

For RedHat users on campus: you can get all rpms mentioned above from
SFU's patched RH 6.2 distribution:

mkdir /mnt/redhat
mount -t nfs sphinx.sfu.ca:/vol/vol1/distrib/redhat /mnt/redhat
cd /mnt/redhat/RedHat/RPMS

(you may want to safe this piece of code for future reference)

That's it for a start. More to come (unfortunately).

Cheers,
Martin

========================================================================
Martin Siegert
Academic Computing Services                        phone: (604) 291-4691
Simon Fraser University                            fax:   (604) 291-4242
Burnaby, British Columbia                          email: siegert@sfu.ca
Canada  V5A 1S6
========================================================================

Next by Date: [linux-security] traceroute bugs
Prev by thread: [linux-security] traceroute bugs
Index(es):
- Date
- Thread