Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(CIAC Issues Advisory L-104) Re: RedHat's Xinetd Networking Daemon Package May Allow Remote Users to Execute Arbitrary Code as Root and Allow Local Users to Modify System Files
|
|
SecurityTracker Alert ID: 1001919 |
|
SecurityTracker URL: http://securitytracker.com/id/1001919
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 4 2001
|
Impact:
Execution of arbitrary code via network, Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.1.8.9pre15-2
|
Description:
Red Hat reports a vulnerability in earlier versions of their Xinetd package that allows local users to modify some system files and may allow remote users to execute arbitrary code on the server with root-level privileges.
It is reported that Xinetd runs with umask 0, meaning that applications using the xinetd umask and not setting the permissions themselves will create world writable files, which may not have been intended.
This could allow local users to modify system files, potentially leading to further exploit scenarios.
It is also reported that there is a potential buffer overflow vulnerability that may allow remote users to execute code on the server with root-level privileges (see the Message History for details on this vulnerability).
|
Impact:
A local user can modify some files that were created by applications using Xinetd's umask. A remote user can cause a buffer overflow on the server while the Xinetd service is running with root-level privileges, potentially allowing for remote code execution.
|
Solution:
The vendor has released updated packages (2.1.8.9pre15-2). See the Source Message for directions on obtaining the packages.
|
Vendor URL: www.redhat.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Red Hat Linux)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 3 Jul 2001 17:22:07 -0700 (PDT)
Subject: L-104 SuSE Linux, xinetd Buffer Overflow
|
[ For Public Release ]
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Center
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
SuSE Linux, xinetd Buffer Overflow
July 3, 2001 21:00 GMT Number L-104
______________________________________________________________________________
PROBLEM: SuSE Linux, xinetd has a buffer overflow vulnerability
PLATFORM: i386 Intel Platform: SuSE-6.3,6.4,7.0, 7.1, 7.2 Sparc Platform:
SuSE-7.1 AXP Alpha Platform: SuSE-6.3,6.4,7.0, 7.1 PPC Power PC
Platform: SuSE-6.4,7.0, 7.1
DAMAGE: The buffer overflow vulnerability allows a remote attacker to
execute arbitrary code at all privleges.
SOLUTION: Apply patches supplied by SuSE
______________________________________________________________________________
VULNERABILITY The risk is HIGH. The vulnerability results in a root
ASSESSMENT: compromise, it is remotely exploitable, and is widely
publicized.
______________________________________________________________________________
[****** Start SuSE Advisory ******]
http://www.ciac.org/ciac/bulletins/l-104.shtml
[****** End SuSE Advisory ******]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of SuSE for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Center, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
L-092: Microsoft Predictable Name Pipes In Telnet
L-093: HP-UX kmmodreg Vulnerability
L-094: BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
L-095: Microsoft SQL Query Method Vulnerability
L-096: Red Hat LPRng Vulnerability
L-097: Cisco 6400 NRP2 telnet Vulnerability
L-098: Microsoft Index Server ISAPI Extension Buffer Overflow
L-099: SGI PCP Pmpost Symlink Vulnerability
L-100: FrontPage Sub-Component Vulnerability
L-103: Sun ypbind Buffer Overflow Vulnerability
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
iQCVAwUBO0JgU7nzJzdsy3QZAQF0QAQAvHCrZWuCBmB4vm2Mrq0wJZbOo1KUbuI/
eL55Vbig0IKn36XnUGiWGkegD921BLM6XoPMr3ivXUSzSSy4ErPhZPvMjoKWTRXR
AOm+mhc2Jmh01U3TbiCNTJyv2PMyeXHDro/Ek01Dxp06tKca0N29rHxjLbLm06Dv
vyvlhPb+02w=
=1BxV
-----END PGP SIGNATURE-----
-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server. If you
wish to unsubscribe from this mailing list, send the message body of
"unsubscribe first-info" to first-majordomo@FIRST.ORG
-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
|
|
Go to the Top of This SecurityTracker Archive Page
|
