Yellow Dog Linux Security Advisory: YDU-20020801-4
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 1 Aug 2002 16:08:14 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: util-linux
Issue Date: August 1, 2002
Priority: high
Advisory ID: YDU-20020801-4
1. Topic:
Updated util-linux packages are available.
2. Problem:
"A locally exploitable vulnerability is present in the util-linux package
shipped with [Yellow Dog] Linux
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. The 'chfn'
utility included in this package allows users to modify personal
information stored in the system-wide password file, /etc/passwd. In order
to modify this file, this application is installed setuid root.
Under certain conditions, a carefully crafted attack sequence can be
performed to exploit a complex file locking and modification race present
in this utility allowing changes to be made to /etc/passwd.
In order to successfully exploit the vulnerability and perform privilege
escalation there is a need for a minimal administrator interaction.
Additionally, the password file must be over 4 kilobytes, and the local
attackers entry must not be in the last 4 kilobytes of the password file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0638 to this issue.
An interim workaround is to remove setuid flags from /usr/bin/chfn and
/usr/bin/chsh. All users of [Yellow Dog] Linux should update to the errata
util-linux packages which contain a patch to correct this vulnerability.
Many thanks to Michal Zalewski of Bindview for alerting us to this issue."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install util-linux
b) Updating manually...
Download the updates below for your version of Yellow Dog Linux
and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/util-linux-2.11n-12.2.3a.ppc.rpm
ppc/util-linux-devel-2.11n-12.2.3a.ppc.rpm
ppc/util-linux-perl-2.11n-12.2.3a.ppc.rpm
Yellow Dog Linux 2.2
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
ppc/util-linux-2.11n-12.2.2a.ppc.rpm
ppc/util-linux-devel-2.11n-12.2.2a.ppc.rpm
ppc/util-linux-perl-2.11n-12.2.2a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 2.3]
a97d0833525084d4d646a7c34b54c52c ppc/losetup-2.11n-12.2.3a.ppc.rpm
b0b45d8bf7ebea05f1588bb62c0d8988 ppc/mount-2.11n-12.2.3a.ppc.rpm
d9d87fd04b4d2f9d25b856cca35ad3dc ppc/util-linux-2.11n-12.2.3a.ppc.rpm
64d16c7c2d3718576338e016d768aeec SRPMS/util-linux-2.11n-12.2.3a.src.rpm
[Yellow Dog Linux 2.2]
84673fbc5ae7d5139852e4c40602a52d ppc/losetup-2.11n-12.2.2a.ppc.rpm
2ba16e1ebc6ac38b178670fdaad93e06 ppc/mount-2.11n-12.2.2a.ppc.rpm
9f2176089d6236ee2ff18cd27b213de2 ppc/util-linux-2.11n-12.2.2a.ppc.rpm
82e3b41d68583aa74ab1f09f976895aa SRPMS/util-linux-2.11n-12.2.2a.src.rpm
I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml