[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] usermode root exploit



Synopsis
========
The usermode package contains a bug that may be exploited to gain
root privileges.

Problem description
===================
The usermode package contains a binary (/usr/bin/userhelper), which is used
to control access to programs which are to be executed as root.  Because
programs invoked by userhelper are not actually running setuid-root,
security measures built into recent versions of glibc are not active.

If one of these programs supports internationalized text messages, a
malicious user can use the LANG or LC_ALL environment variables (which are
inherited by userhelper and, in turn, any programs it runs) to create a
format-string exploit in these programs.

Solution
========
RedHat 6.0, 6.1
upgrade the usermode and SysVinit packages, i.e.,
rpm -Uvh SysVinit-2.78-5.i386.rpm usermode-1.36-2.6.x.i386.rpm

RedHat 6.2
upgrade the usermode package, i.e.,
rpm -Fvh usermode-1.36-2.6.x.i386.rpm

RedHat 7.0
upgrade the usermode package, i.e.,
usermode-1.36-3.i386.rpm 

Mandrake
this distribution is almost certainly affected, although Mandrake doesn't
seem to have release new packages.
Check the relevant Mandrake errata page.