>_____________________________________________________________________________
>
>                        SuSE Security Announcement
>
>        Package:  aaabase < 2000.1.3
>        Date:     Sat, 29 Apr 2000 14:03:28 GMT
>
>        Affected SuSE versions: all
>        Vulnerability Type:     remove any local file(s)
>                                executing attacker supplied commands as
>                                non-root
>        SuSE default package:   yes
>        Other affected systems: unknown
>______________________________________________________________________________
>
>A security hole was discovered in the package mentioned above.
>Please update as soon as possible or disable the service if you are using
>this software on your SuSE Linux installation(s).
>
>Other Linux distributions or operating systems might be affected as
>well, please contact your vendor for information about this issue.
>
>Please note that we provide this information on an "as-is" basis only.
>There is no warranty whatsoever and no liability for any direct, indirect or
>incidental damage arising from this information or the installation of
>the update package.
>_____________________________________________________________________________
>
>1. Problem Description
>
>   aaa_base is the basic package which comes with any SuSE Linux installation.
>   Two vulnerabilities have been found:
>
>   1) The cron job /etc/cron.daily/aaa_base does a daily checking of files in
>      /tmp and /var/tmp, where old files will be deleted if configured to do so.
>      Please note that this feature is NOT activated by default.
>
>   2) Some system accounts have their home directories set to /tmp by default.
>      These are the users games, firewall, wwwrun and nobody on a SuSE 6.4.
>
>2. Impact
>
>   1) If the /tmp cleanup is activated, any file or directory can be deleted
>      by any local user.
>
>   2) If an attacker creates dot files in /tmp (e.g. bash profiles), these
>      might be executed if someone uses e.g. "su - nobody" to switch to the
>      nobody user. This can lead to a compromise of that userid.
>      This vulnerability is present in several other unix systems as well -
>      please check all!
>
>3. Solution
>
>   1) Update the package from our FTP server.
>
>   2) The root user will receive an email with the accounts listed which have
>      a home directory in /tmp. You have to fix this by hand, because some
>      installations might break if they rely on information saved in the (unsafe)
>      /tmp home directory.
>      The email will give more information on what to do.
>______________________________________________________________________________
>
>Please verify these md5 checksums of the updates before installing:
>
>369c48687807875e9b01f24b6e6bb061
>ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/aaa_base-2000.1.3-0.alpha.rpm
>350cabc140a177dfa1909d356c982647
>ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/aaa_base-99.9.8-0.i386.rpm
>1b0ccf6db229d6c45692588d826853b7
>ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/aaa_base-2000.1.3-0.i386.rpm
>34ff11f9ffd877231fab6add4a1723dd
>ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/aaa_base-2000.4.27-1.i386.rpm
>______________________________________________________________________________
>
>You can find updates on our ftp-Server:
>
>   ftp://ftp.suse.com/pub/suse/i386/update  for Intel processors
>   ftp://ftp.suse.com/pub/suse/axp/update   for Alpha processors
>
>or try the following web pages for a list of mirrors:
>   http://www.suse.de/ftp.html
>   http://www.suse.com/ftp_new.html
>
>Our webpage for patches:
>   http://www.suse.de/patches/index.html
>
>Our webpage for security announcements:
>   http://www.suse.de/security
>
>If you want to report vulnerabilities, please contact
>   [EMAIL PROTECTED]
>______________________________________________________________________________
>
>SuSE has got two free security mailing list services to which any
>interested party may subscribe:
>
>[EMAIL PROTECTED]       - moderated and for general/linux/SuSE
>                         security discussions. All SuSE security
>                         announcements are sent to this list.
>
>[EMAIL PROTECTED]       - SuSE's announce-only mailing list.
>                         Only SuSE's security announcements are sent
>                         to this list.
>
>To subscribe to the list, send a message to:
>   <[EMAIL PROTECTED]>
>
>To remove your address from the list, send a message to:
>   <[EMAIL PROTECTED]>
>
>Send mail to the following for info and FAQ for this list:
>   <[EMAIL PROTECTED]>
>   <[EMAIL PROTECTED]>
>
>_____________________________________________________________________________
>
>   This information is provided freely to everyone interested and may
>   be redistributed provided that it is not altered in any way.
>
>Type Bits/KeyID    Date       User ID
>pub  2048/3D25D3D9 1999/03/06 SuSE Security Team <[EMAIL PROTECTED]>
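The advisory's solution says root is mailed a list of accounts whose home directory lives in /tmp so they can be fixed by hand. The following is an added audit script, not part of the SuSE announcement or the aaa_base package, that produces such a list from any passwd-format file (or from stdin when no file is given); the sample passwd lines at the bottom are constructed for a stand-alone run and do not describe a real system.

```sh
#!/bin/sh
# Added example (not from the advisory): report accounts whose home directory
# is /tmp, /var/tmp, or a subdirectory of either. Such accounts are the ones
# the advisory says must be moved by hand, since world-writable home
# directories let any local user plant dot files for them.

# tmp_home_accounts [passwd-file]
#   Prints "user:home" for each matching account. Reads stdin if no file
#   is given. Field 6 of a passwd line is the home directory.
tmp_home_accounts() {
    awk -F: '
        $6 == "/tmp" || $6 == "/var/tmp" ||
        index($6, "/tmp/") == 1 || index($6, "/var/tmp/") == 1 {
            print $1 ":" $6
        }' "$@"
}

# Constructed sample passwd content for demonstration only.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/tmp:/bin/bash
games:x:12:100:Games account:/tmp:/bin/bash
wwwrun:x:30:8:WWW daemon apache:/var/tmp/www:/bin/false
alice:x:1000:100:Alice:/home/alice:/bin/bash
EOF

# Expected lines: nobody:/tmp, games:/tmp, wwwrun:/var/tmp/www
tmp_home_accounts "$SAMPLE_PASSWD"
rm -f "$SAMPLE_PASSWD"
```

On a real host, run `tmp_home_accounts /etc/passwd` (or pipe `getent passwd` into it to include NIS/LDAP accounts). The match is on the home directory prefix rather than a substring, so a legitimate path such as /home/tmpuser is not reported.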
