6346047 2001-04-10 16:05 +0200  /226 rader/ Thomas Biege <thomas@SUSE.DE>
Sänt av: joel@lysator.liu.se
Importerad: 2001-04-10  18:19  av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: thomas@SUSE.DE
Mottagare: Bugtraq (import) <16447>
Ärende: SuSE Security Announcement: mc (SuSE-SA:2001:11)
------------------------------------------------------------
From: Thomas Biege <thomas@SUSE.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <Pine.LNX.4.21.0104101604380.979-100000@Galois.suse.de>

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                mc
        Announcement-ID:        SuSE-SA:2001:11
        Date:                   Tuesday, April 10th, 2001 15.21 MEST
        Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        4
        SuSE default package:   no
        Other affected systems: all system using mc

        Content of this advisory:
        1) security vulnerability resolved: mc
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade
information

    The Midnight Commander, mc(1), is a ncurses-based file manager.
    A local attacker could trick mc(1) into executing commands with
    the privileges of the user running mc(1) by creating malicious
    directory names. This attack leads to local privilege escalation.

    There does no workaround exist. The only solution is to update the
    mc package.

    Download the update package from locations desribed below and install
    the package with the command `rpm -Uhv file.rpm'. The md5sum for each
    file is in the line below. You can verify the integrity of the rpm
    files using the command
        `rpm --checksig --nogpg file.rpm',
    independently from the md5 signatures below.



    i386 Intel Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/mc-4.5.51-1.i386.rpm
      c1eb197dff39e61065c498fa91347836
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mc-4.5.51-1.src.rpm
      cb768e70eacbf622464a71d8b5983769

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/mc-4.5.50-1.i386.rpm
      2770c2df6acd3e3ec8d9195e689aa037
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mc-4.5.50-1.src.rpm
      579a86de5c2a14e61d0b6097611fdfb7

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/mc-4.5.42-47.i386.rpm
      c16569cbbeb1d42823c1b6abdd61c03e
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/mc-4.5.42-47.src.rpm
      d30069c9d3bf76b6f90d11b6cff86133

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/mc-4.5.40-3.i386.rpm
      655a6cac8bdb49789ee55c3bdc38e104
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/mc-4.5.40-3.src.rpm
      969a5f5427e04ea2710516ae3b9360c6

    SuSE-6.2
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/mc-4.5.37-20.i386.rpm
      c6cf641cd54c976df4f64a0fa1263d65
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/mc-4.5.37-20.src.rpm
      ccdd4d9e727edc45c610013f69af9c86

    SuSE-6.1
    ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/mc-4.5.33-1.i386.rpm
      2dd900869259558ef6ad9b16e056322d
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/mc-4.5.33-1.src.rpm
      10c3a9ae63cbd8e43923f9245bba166c



    Sparc Platform:

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/mc-4.5.50-1.sparc.rpm
      16fab4824da5347fe243bfd8a3196a02
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/mc-4.5.50-1.src.rpm
      f8a51dd5975e6c1c34492f1fae6c66c7



    AXP Alpha Platform:

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/mc-4.5.42-47.alpha.rpm
      dd80759475ca682a421cdd7dff4c6539
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/mc-4.5.42-47.src.rpm
      1d98da3743c951003b99bf8b88b577f1

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/mc-4.5.40-1.alpha.rpm
      31a77b496e6c4185b0d9dd50336fb238
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/mc-4.5.40-1.src.rpm
      dae662f3de8f42590feb62e1dc3abce8

    SuSE-6.1
    ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/mc-4.5.33-14.alpha.rpm
      58906f33013bc64cc090ed56c05ab6d7
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/mc-4.5.33-14.src.rpm
      32727c15d6df11ceaa07afbd67b96b64



    PPC PowerPC Platform:

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/mc-4.5.50-1.ppc.rpm
      0f17db922b03ee5db09e46311b5c1096
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mc-4.5.50-1.src.rpm
      aa1d77e05edd2b6097896be3bc3433d2

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/mc-4.5.42-47.ppc.rpm
      018dbd5d4f7ed760e5fcfe22bceee016
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/mc-4.5.42-47.src.rpm
      e56125ce9edd85accd1ea2830e578504


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - We are in the process of preparing update packages for the man package
      which has been found vulnerable to a commandline format string bug.
      The man command is installed suid man on SuSE systems. When exploited,
      the bug can be used to install a different man binary to introduce a
      trojan into the system. As an interim workaround, we recommend to
      `chmod -s /usr/bin/man´ and ignore the warnings and errors when
      viewing manpages.

    - Two bugs were found in the text editor vim. These bugs are currently
      being fixed.

    - A bufferoverflow in sudo was discovered and fixed RPMs will be
      available as soon as possible. A exploit was not made public until
      now.

    - NEdit a GUI-style text editor needs an update due to a tmp race
      condition. The source code is currently being reviewed and new
      RPMs will be available within the next days.

______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested
    party may subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security annoucements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ===============================================
    SuSE's security contact is <security@suse.com>.
    ===============================================

______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBOtMMnHey5gA9JdPZAQGAxAgAnwW45oAtOGMOySwqVdhKwqIrN/7FOEED
3FvQtMrLlICwAqD/DaS35qQs2IqIWfVtAm/bRoLlNwAkizmu4P2InskvNBXO9YuS
YdbntegiAdmX/7P55/9xBdOZub4PRi5jk7MWRJd//VWaumgx4RZHWnVvtI2eSWKT
xc6yBgxPfTlQQxp8mh3oUbAgkUf3kfE2CuSs7NXk7dV0xoenjfObt/3SPlHEBaRw
ASFDcXk8PiRPAM1KhtzkKQqGYDijDGfzXJ65pU2dm5mqUa2hwJrVFtLfMwPD7nYP
9Bvk4ym0iXQ3LNIQgYFgTcCuM4W4BV1IB4YeHyorDsOwbl2K7QggkQ==
=IWSy
-----END PGP SIGNATURE-----

Bye,
     Thomas
-- 
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47
(6346047) /Thomas Biege <thomas@SUSE.DE>/-(Ombruten)