All you "dump" users should note the following, from Network
Computing and the SANS Institute <[EMAIL PROTECTED]>:
[ ... ]
*** {00.46.012} Linux - Update {00.45.019}: dump executes arbitrary
commands as root
RedHat and Trustix have released updated dump RPMs that correct the
vulnerability discussed in {00.45.019} ("dump executes arbitrary
commands as root").
We would like to note that dump should not be set suid/sgid. Using the
latest version (see location below), there is no need for suid/sgid
permission.
Latest dump package is available at:
ftp://ftp.sourceforge.net/pub/sourceforge/dump/
Updated RedHat RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2000-11/0026.html
Updated Trustix RPMs are listed at:
http://archives.neohapsis.com/archives/bugtraq/2000-11/0047.html
Source: RedHat, Trustix, SF Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-11/0047.html
http://archives.neohapsis.com/archives/bugtraq/2000-11/0026.html
http://archives.neohapsis.com/archives/bugtraq/2000-11/0014.html
[ ... ]
(
Excerpt from Security Alert Consensus Number 070,
Thursday, November 9, 2000
http://archives.neohapsis.com/archives/sans/current/0106.html
)
--
-----------------------------------------------------------------
Dan Wilder <[EMAIL PROTECTED]> Technical Manager & Correspondent
SSC, Inc. P.O. Box 55549 Phone: 206-782-7733 x123
Seattle, WA 98155-0549 URL http://www.linuxjournal.com/
-----------------------------------------------------------------
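
Added example, not part of the original message or the SANS excerpt: a POSIX shell check for the advisory's point that dump should not be suid/sgid. The candidate paths (and the inclusion of restore) are assumptions; adjust them to where your distribution installs the package.

```shell
#!/bin/sh
# Report dump/restore binaries that still carry setuid or setgid bits.

# check_suid_sgid PATH...
# Prints one line per existing regular file that has the setuid and/or
# setgid bit set. Returns 1 if any were found, 0 otherwise.
check_suid_sgid() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue            # skip missing paths and non-regular files
        bits=""
        [ -u "$f" ] && bits="suid"         # -u: setuid bit is set
        [ -g "$f" ] && bits="${bits:+$bits,}sgid"   # -g: setgid bit is set
        if [ -n "$bits" ]; then
            printf '%s: %s set (fix: chmod u-s,g-s %s)\n' "$f" "$bits" "$f"
            found=1
        fi
    done
    return "$found"
}

# Assumed install locations; not taken from the advisory.
DUMP_CANDIDATES="/sbin/dump /sbin/restore /usr/sbin/dump /usr/sbin/restore"

if check_suid_sgid $DUMP_CANDIDATES; then
    echo "dump/restore: no setuid/setgid bits found"
fi
```
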