Bugtraq mailing list archives
Security Update: DoS on gpm
From: support () PHOENIX CALDERASYSTEMS COM (Technical Support)
Date: Thu, 20 Jul 2000 10:27:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: DoS on gpm
Advisory number: CSSA-2000-024.0
Issue date: 2000 July, 6
Cross reference:
______________________________________________________________________________
1. Problem Description
There are security problems within gpm (General Purpose Mouse support
daemon) which allow removal of system files and also exhibit a local
denial of service attack.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
gpm-1.17.8-5
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder gpm-1.17.8-5
OpenLinux eDesktop 2.4 All packages previous to
gpm-1.19.2-4
3. Solution
Workaround:
none
We recommend our users to upgrade to the new packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
bdcc5caf3e4cf4abb3081ef6e2049a61 RPMS/gpm-1.17.8-5.i386.rpm
7436e49533e64d7a737c920bbc874299 RPMS/gpm-devel-1.17.8-5.i386.rpm
f9c19f994238fa507d4e5505ebd78b59 RPMS/gpm-devel-static-1.17.8-5.i386.rpm
c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
061e6d50414c0c024547e29c3e1a0737 RPMS/gpm-1.17.8-5.i386.rpm
79633f3258b8bcbdff2fdd733e262e10 RPMS/gpm-devel-1.17.8-5.i386.rpm
0fa3527333421bf90f844376ff692d9d RPMS/gpm-devel-static-1.17.8-5.i386.rpm
c0c839fb697c10f5520bda679366135f SRPMS/gpm-1.17.8-5.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
3f83840592100ea6a770070e11f4d9d9 RPMS/gpm-1.19.2-4.i386.rpm
f223771658eef771a5f93b09dc50c281 RPMS/gpm-devel-1.19.2-4.i386.rpm
7a50dd9a854ed30365cf535850d39420 RPMS/gpm-devel-static-1.19.2-4.i386.rpm
c43abbdd533ac0d9a247eb13dfbb5bb4 SRPMS/gpm-1.19.2-4.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F gpm-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 7297.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgement
Caldera Systems wishes to thank Ian Zimmermann for providing the fix.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5dp+V18sy83A/qfwRAhCfAJ934cwOj+vi8taarVCA1w8jqf33CwCcDss6
I0IGl8DR0aWD4MIRqQsUcaM=
=hoSC
-----END PGP SIGNATURE-----
Current thread:
- HP Jetdirect - Invalid FTP Command DoS, (continued)
- HP Jetdirect - Invalid FTP Command DoS Peter Grundl (Jul 19)
- Re: CheckPoint FW1 BUG Per Hoff (Jul 19)
- Alert: Buffer Overrun is O'Reilly WebsitePro httpd32.exe (CISADV000717) Cerberus Security Team (Jul 19)
- Alert: Buffer Overrun is O'Reilly WebsitePro webfind.exe (CISADV000718) Cerberus Security Team (Jul 19)
- Outlook exploit fix opens old hole? Ben (Jul 19)
- [COVERT-2000-08] O'Reilly WebSite Professional Overflow COVERT Labs (Jul 19)
- Security Fix for Blackboard CourseInfo 4.0 aleph1 () securityfocus com (Jul 19)
- [TL-Security-Announce] wu-ftpd TLSA2000014-1 Joe Little (Jul 19)
- @stake iKey 1000 Security Advisory Kingpin (Jul 20)
- Re: @stake iKey 1000 Security Advisory Darren Reed (Jul 20)
- Security Update: DoS on gpm Technical Support (Jul 20)
- Biometrics conference Farrow, Rik (Jul 17)
- Re: CheckPoint FW1 BUG Brian Krahmer (Jul 17)
- Re: CheckPoint FW1 BUG Nicolas FISCHBACH (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- (New ?) Macro security hole in Word 97 Bongard, Dominique (Jul 21)
- Re: (New ?) Macro security hole in Word 97 Bronek Kozicki (Jul 22)
- Jakarta-tomcat.../admin Scott Morris (Jul 21)
- StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 21)
- [RHSA-2000:044-02] Updated PAM packages are available. bugzilla () REDHAT COM (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 21)