Home page logo
/

bugtraq logo Bugtraq mailing list archives

Immunix OS Security update for glibc
From: Greg KH <greg () WIREX COM>
Date: Thu, 18 Jan 2001 22:45:31 -0800


-----------------------------------------------------------------------
        Immunix OS Security Advisory

Packages updated:       glibc
Effected products:      Immunix OS 7.0-beta
Bugs Fixed:             immunix/1320
Date:                   January 18, 2001
Advisory ID:            IMNX-2000-70-029-01
Author:                 Greg Kroah-Hartman <greg () wirex com>
-----------------------------------------------------------------------

Description:
  There is a bug in the current version of the GNU C Library (glibc)
  that is shipped with Immunix Linux 7.0-beta.  This bug can allow
  unprivileged users to read files that would normally be restricted
  (like /etc/shadow).  This is done by setting the RESOLV_HOST_CONF
  environment variable to the file that the user wishes to read, and
  then running any setuid root program (like sudo or ssh.)  This causes
  the restricted file to be written to stderr.

  Packages have been created and released for Immunix 7.0 beta to fix
  this problem.

Package names and locations:
  Precompiled binary packages for Immunix 7.0 beta are available at:
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-2.2-12_imnx_7.i386.rpm
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-common-2.2-12_imnx_7.i386.rpm
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-devel-2.2-12_imnx_7.i386.rpm
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-profile-2.2-12_imnx_7.i386.rpm
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/nscd-2.2-12_imnx_7.i386.rpm

  Source package for Immunix 7.0 beta is available at:
    http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/glibc-2.2-12_imnx_7.src.rpm

md5sums of the packages:
  733728df9085585346af50ae63bc9b42  glibc-2.2-12_imnx_7.i386.rpm
  a9945444b49a35323da17c428a4bbcae  glibc-common-2.2-12_imnx_7.i386.rpm
  7544da1a3ceea13770f9d40997577f35  glibc-devel-2.2-12_imnx_7.i386.rpm
  9a2d8caaf53409f2ce3d57013259658a  glibc-profile-2.2-12_imnx_7.i386.rpm
  83e4a07d56280574b6d5846cb0ca28f9  nscd-2.2-12_imnx_7.i386.rpm
  9264d3521386bcc9112a6429840ff825  glibc-2.2-12_imnx_7.src.rpm

Online version of all Immunix 7.0-beta updates and advisories:
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Immunix OS Security update for glibc Greg KH (Jan 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]