[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] usermode root exploit
- To: linux-security
- Subject: [linux-security] usermode root exploit
- Date: Tue, 10 Oct 2000 11:29:28 -0700 (PDT)
Synopsis
========
The usermode package contains a bug that may be exploited to gain
root privileges.
Problem description
===================
The usermode package contains a binary (/usr/bin/userhelper), which is used
to control access to programs which are to be executed as root. Because
programs invoked by userhelper are not actually running setuid-root,
security measures built into recent versions of glibc are not active.
If one of these programs supports internationalized text messages, a
malicious user can use the LANG or LC_ALL environment variables (which are
inherited by userhelper and, in turn, any programs it runs) to create a
format-string exploit in these programs.
Solution
========
RedHat 6.0, 6.1
upgrade the usermode and SysVinit packages, i.e.,
rpm -Uvh SysVinit-2.78-5.i386.rpm usermode-1.36-2.6.x.i386.rpm
RedHat 6.2
upgrade the usermode package, i.e.,
rpm -Fvh usermode-1.36-2.6.x.i386.rpm
RedHat 7.0
upgrade the usermode package, i.e.,
usermode-1.36-3.i386.rpm
Mandrake
this distribution is almost certainly affected, although Mandrake doesn't
seem to have release new packages.
Check the relevant Mandrake errata page.