The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-018.1] Linux: REVISED: Race condition in fileutils


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 14 May 2002 13:28:29 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-018.1] Linux: REVISED: Race condition in fileutils

--zYM0uCDKw75PZbzx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: [email protected] [email protected] [email protected]

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: REVISED: Race condition in fileutils
Advisory number: 	CSSA-2002-018.1
Issue date: 		2002 May 13
Cross reference:
______________________________________________________________________________


1. Problem Description

	A race condition in various utilities from the GNU fileutils
	package may cause a root user to delete the whole filesystem.

	This updates resolves a problem in the original fix that would
	cause an attempt to recursively remove a directory with
	trailing slashes to memory fault.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1 Server		prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1 Workstation	prior to fileutils-4.1-5.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

	4.2 Packages

	d01d42d41800d0b9c1d02c4fec07a79d	fileutils-4.1-5.i386.rpm

	4.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

	4.5 Source Packages

	ccb5269147321f8db75cf6f4758161bd	fileutils-4.1-5.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

	5.2 Packages

	993d932af015edb5ad6e4d70db171492	fileutils-4.1-5.i386.rpm

	5.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

	5.5 Source Packages

	ccb5269147321f8db75cf6f4758161bd	fileutils-4.1-5.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

	6.2 Packages

	79671c826786c29d2849fe14de4f79f1	fileutils-4.1-5.i386.rpm

	6.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

	6.5 Source Packages

	238ad9663d26b196eea92874a96b1c53	fileutils-4.1-5.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

	7.2 Packages

	79671c826786c29d2849fe14de4f79f1	fileutils-4.1-5.i386.rpm

	7.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

	7.5 Source Packages

	01a126030929e44c83a473ee662fecb9	fileutils-4.1-5.src.rpm


8. References

	Specific references for this advisory:

		http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002440.html
		http://isec.pl/vulnerabilities/0002.txt

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security fix closes Caldera incidents sr862917, fz520627,
	erg712018.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Caldera would like to thank Vincent Danen at Mandrake
	for alerting us to the problems with the original fix.

	Wojciech Purczynski (iSEC Security Research, http://isec.pl)
	reported this vulnerability.

______________________________________________________________________________


--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzhc20ACgkQbluZssSXDTHGSQCfbXNoVb8C99r92obDYevNMGtg
0TQAoIT5OPdottTSj6SIp4UiAArJtX+o
=eXHQ
-----END PGP SIGNATURE-----

--zYM0uCDKw75PZbzx--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру