(Debian Releases Fix) Re: RedHat's Xinetd Networking Daemon Package May Allow Remote Users to Execute Arbitrary Code as Root and Allow Local Users to Modify System Files
|
|
SecurityTracker Alert ID: 1001773 |
|
SecurityTracker URL: http://securitytracker.com/id/1001773
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 17 2001
|
Impact:
Execution of arbitrary code via network, Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.1.8.9pre15-2
|
Description:
Red Hat reports a vulnerability in earlier versions of their Xinetd package that allows local users to modify some system files and may allow remote users to execute arbitrary code on the server with root-level privileges.
It is reported that Xinetd runs with umask 0, meaning that applications using the xinetd umask and not setting the permissions themselves will create world writable files, which may not have been intended.
This could allow local users to modify system files, potentially leading to further exploit scenarios.
It is also reported that there is a potential buffer overflow vulnerability that may allow remote users to execute code on the server with root-level privileges (see the Message History for details on this vulnerability).
|
Impact:
A local user can modify some files that were created by applications using Xinetd's umask. A remote user can cause a buffer overflow on the server while the Xinetd service is running with root-level privileges, potentially allowing for remote code execution.
|
Solution:
Debian has released a fix. See the Source Message for the Debian advisory.
|
Vendor URL: www.redhat.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Debian)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sun, 17 Jun 2001 17:47:05 +0200
Subject: [SECURITY] [DSA-063-1] two xinetd problems
|
-----BEGIN PGP SIGNED MESSAGE-----
- ------------------------------------------------------------------------
Debian Security Advisory DSA-063-1 security@debian.org
http://www.debian.org/security/ Wichert Akkerman
June 17, 2001
- ------------------------------------------------------------------------
Package : xinetd
Problem type : change default umask
buffer overflow
Debian-specific: no
zen-parse reported on bugtraq that there is a possible buffer overflow
in the logging code from xinetd. This could be triggered by using a
fake identd that returns special replies when xinetd does an ident
request.
Another problem is that xinetd sets it umask to 0. As a result any
programs that xinetd start that are not careful with file permissions
will create world-writable files.
Both problems have been fixed in version 2.1.8.8.p3-1.1 .
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.diff.gz
MD5 checksum: 457150cded692f00e76c73c8ae7787d1
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.dsc
MD5 checksum: c3c9764680b907c382904aa1e5ba32b0
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3.orig.tar.gz
MD5 checksum: 5d1f4d5bab29d9e68dc8850b4cb90969
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/xinetd_2.1.8.8.p3-1.1_alpha.deb
MD5 checksum: e43231b79cf899e89b9c8e98cb9a3473
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/xinetd_2.1.8.8.p3-1.1_arm.deb
MD5 checksum: 107e82971903932f9f6deb5b5db53000
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/xinetd_2.1.8.8.p3-1.1_i386.deb
MD5 checksum: 94aff2d70ce4032527b61ef5fe2bf623
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/xinetd_2.1.8.8.p3-1.1_m68k.deb
MD5 checksum: 53627cdca29cfd395b5413bf893652cf
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xinetd_2.1.8.8.p3-1.1_powerpc.deb
MD5 checksum: 0707a506c810aff814acaef7e6188527
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/xinetd_2.1.8.8.p3-1.1_sparc.deb
MD5 checksum: e93d159f968dc41c4244f1b27e023646
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- --
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBOyzQ8ajZR/ntlUftAQF4vwL8DWP96n/vNL04tkWxFv0OANfjpSnPtY4u
MD0RnMN7P7lA5uazxB0uC7FgHp0uJmxrdUcIzQ7HWq+CcD9E0AALe4hLp5aCLedD
vmwnTk/1VVL1GkRNq1/Fk8HL2D2Tfypp
=luf8
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
