[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PISA-18-NOV-99-000



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              .------------------------------------------------.
              |**** Project Independence Security Advisory ****|
              `-----------* ID: PISA-18-NOV-99-000 *-----------'
               Issued by: David Webster <cognition@bigfoot.com>

Issue Date: 18-NOV-99

Overview: File access problems in lpr/lpd

Affected: Independence Release 6.0-0.8 (Redhat 6.0)

References: RedHat Security Advisory; RHSA-1999:041-01

                                  -=-=-==-=-=-

Detailed Problem Description:

	There are two problems in the lpr and lpd programs. By
	exploiting a race between the access check and the actual
	file opening, it is potentially possible to have lpr read
	a file as root that the user does not have access to. Also,
	the lpd program would blindly open queue files as root; by
	use of the '-s' flag to lpr, it was possible to have lpd print
	files that the user could not access.

	Thanks go to Tymm Twillman for pointing out these
	vulnerabilities.

Solution:

	Update the affected RPM packages by downloading and installing
	the RPMs listed below. For each RPM, run:
	root# rpm -Uvh <filename>
	where <filename> is the name of the RPM.
	[Note: Only install the compiled RPM (*.i386.rpm) OR the source
	RPM (*.src.rpm), not both.]

RPMs:

  ftp://ftp.redhat.com/pub/redhat/updates/6.1/i386/lpr-0.43-2.i386.rpm

Source RPMs:

  ftp://ftp.redhat.com/pub/redhat/updates/6.1/SRPMS/lpr-0.43-2.src.rpm

Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
cc1f97635c0a1029febc1f0e75e40527  lpr-0.43-2.i386.rpm
2c258e8aa98f5b005b326f3110410965  lpr-0.43-2.src.rpm
- --------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

This security advisory, and all future ones should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83

Which is avaliable from: http://www.cognite.net/pgp.html,
			 and most good pgp key servers.

An archive of these messages can be currently be found on:
http://www.cognite.net/indy/

A process of automatic retrival is being worked on.

[Note: these problems were discovered, and fixed by RedHat.]

	.---------------------------------------------------.
	| And problems regarding this, or future advisories |
	| should be emailed to me: <cognition@bigfoot.com>  |
	`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>

iD8DBQE4OXuFDdLNO0X6woMRAqcpAJ9ebvl/BsvhR5GekurooCVJWKg3yACgm11C
7UPY+rTB+GUPmxyavyQHgvo=
=QluO
-----END PGP SIGNATURE-----