KSR[T] Advisory #3: updatedb / crontabs (fwd)
We're using makewhatis and updatedb in our default crontab entries, no?
Could the maintainers of the packages responsible for these commands speak
up?
Christian
---------- Forwarded message ----------
Date: Mon, 06 Oct 1997 20:45:01 -0700
From: "KSR[T]" <ksrt@DEC.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: KSR[T] Advisory #3: updatedb / crontabs
-----
KSR[T] Website : http://www.dec.net/ksrt
E-mail: ksrt@dec.net
-----
KSR[T] Advisory #003
Date: Aug 05, 1997
ID #: lin-cron-003
Operating System(s): Redhat Linux 4.1, SuSE Linux 5.0, Slackware 3.3
Affected Program: updatedb / crontabs
Problem Description: There are numerous problems in the default root crontabs
for several flavors of UNIX. This advisory will contain
a brief description of several vulnerabilities that we
have discovered.
Redhat Linux 4.1: updatedb contains several security
holes. Updatedb will send the results of a find
command string to sort. Sort will use /tmp to store
temp files, and it will follow symbolic links. A
creative attacker can create files in a world writable
directory that allows them to control what data will
be written to the symbolic link.
SuSE Linux 5.0: makewhatis uses /tmp; this allows
attackers to overwrite files as root. They cannot
control the data being written.
The system crontab also calls updatedb.
check_log_file() contains a SERIOUS security hole that
will allow an intruder to write over any file on the
system, with whatever he/she wants. There are numerous
other /tmp file problems with the default crontab;
it is highly recommended that you upgrade immediately.
( See Patch/Fix section )
Slackware 3.3 also comes with a vulnerable version
of updatedb installed.
Compromise: updatedb can allow any local user to execute commands
as any user, including root.
SuSE's default crontab can allow local users to execute
commands as root.
makewhatis can allow local users to overwrite/create
any file on the system.
Patch/Fix:
Redhat
------
This problem was fixed in Redhat 4.2.
S.u.S.E
-------
Fixes for S.u.S.E. Linux 5.0:
-----------------------------
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/a1/aaa_base.rpm
md5:
1ea3b7c6760b6e8db98b49897ba47ad1 aaa_base.rpm
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/ap1/makewhat.rpm
md5:
e22df292fe878397cbe800ff796c3a0b makewhat.rpm
Fixes for S.u.S.E. Linux 4.4.1 (should work for older versions too):
--------------------------------------------------------------------
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-4.4.1/a1/aaa_base.tgz
md5:
4c0bff940210b83c00564595fd3e35b3 aaa_base.tgz
ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-4.4.1/ap1/makewhat.tgz
md5:
503e1678dea767bf2cdab04282777c73 makewhat.tgz
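The advisory's common thread is root cron jobs (and the sort they invoke) writing to predictable names under the shared, world-writable /tmp. The following is an added example, not part of the advisory or of any of the named distributions' scripts: a sort wrapper that uses a private, unpredictable temporary directory, and a crude audit that flags hard-coded /tmp paths in a cron script. The sample cron fragment is constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): mitigating and auditing the
# predictable-/tmp pattern in root cron jobs.

# Run sort with a private temp directory created by mktemp -d (mode 0700,
# unpredictable name).  Because the directory is ours alone, no other local
# user can pre-create a file or symlink where sort writes its temp files,
# which is the updatedb/sort problem the advisory describes.
safe_sort() {
    _dir=$(mktemp -d) || return 1
    TMPDIR=$_dir sort -T "$_dir" "$@"
    _rc=$?
    rm -rf "$_dir"
    return $_rc
}

# Constructed sample cron script (not from any real distribution) showing
# two jobs that redirect into fixed /tmp names and one that uses mktemp.
SAMPLE_CRON='#!/bin/sh
cd / && updatedb 2>/dev/null > /tmp/updatedb.log
makewhatis > /tmp/makewhatis.out 2>&1
/usr/bin/find / -xdev > "$(mktemp)"'

# Count lines in a script that reference a fixed path under /tmp.
# mktemp-generated names are unpredictable and so are not matched.
# Prints the count; a non-zero count means the script deserves review.
count_fixed_tmp_paths() {
    printf '%s\n' "$1" | grep -cE '/tmp/[A-Za-z0-9._-]+' || true
}

# Check that a directory is private to its owner (mode 0700), the property
# safe_sort relies on.  Returns 0 when it is, 1 otherwise.
is_private_dir() {
    [ "$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")" = "700" ]
}

# Stand-alone demonstration when run directly.
if [ "${0##*/}" != "sh" ] && [ -z "${GR_TEST:-}" ]; then
    printf 'fixed /tmp paths in sample cron: %s\n' \
        "$(count_fixed_tmp_paths "$SAMPLE_CRON")"
    printf 'c\na\nb\n' | safe_sort
fi
```

The `stat` call tries the GNU `-c` form first and falls back to the BSD `-f` form, so the mode check works on both Linux and BSD-derived systems.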