Yellow Dog Linux Security Announcement
--------------------------------------

Package:      util-linux
Issue Date:   August 1, 2002
Priority:     high
Advisory ID:  YDU-20020801-4

1. Topic:

Updated util-linux packages are available.

2. Problem:

"A locally exploitable vulnerability is present in the util-linux package shipped with [Yellow Dog] Linux.

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users to modify personal information stored in the system-wide password file, /etc/passwd. In order to modify this file, this application is installed setuid root.

Under certain conditions, a carefully crafted attack sequence can be performed to exploit a complex file locking and modification race present in this utility, allowing changes to be made to /etc/passwd. In order to successfully exploit the vulnerability and perform privilege escalation, there is a need for minimal administrator interaction. Additionally, the password file must be over 4 kilobytes, and the local attacker's entry must not be in the last 4 kilobytes of the password file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0638 to this issue.

An interim workaround is to remove setuid flags from /usr/bin/chfn and /usr/bin/chsh.

All users of [Yellow Dog] Linux should update to the errata util-linux packages which contain a patch to correct this vulnerability.

Many thanks to Michal Zalewski of Bindview for alerting us to this issue." (from Red Hat Advisory)

3. Solution:

a) Updating via apt...

We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system:

    apt-get update
    apt-get install util-linux

b) Updating manually...

Download the updates below for your version of Yellow Dog Linux and then run the following rpm command. (Please use a mirror site.)

    rpm -Fvh [filenames]

Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
    ppc/util-linux-2.11n-12.2.3a.ppc.rpm
    ppc/util-linux-devel-2.11n-12.2.3a.ppc.rpm
    ppc/util-linux-perl-2.11n-12.2.3a.ppc.rpm

Yellow Dog Linux 2.2
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
    ppc/util-linux-2.11n-12.2.2a.ppc.rpm
    ppc/util-linux-devel-2.11n-12.2.2a.ppc.rpm
    ppc/util-linux-perl-2.11n-12.2.2a.ppc.rpm

4. Verification

MD5 checksum                      Package
--------------------------------  ----------------------------
[Yellow Dog Linux 2.3]
a97d0833525084d4d646a7c34b54c52c  ppc/losetup-2.11n-12.2.3a.ppc.rpm
b0b45d8bf7ebea05f1588bb62c0d8988  ppc/mount-2.11n-12.2.3a.ppc.rpm
d9d87fd04b4d2f9d25b856cca35ad3dc  ppc/util-linux-2.11n-12.2.3a.ppc.rpm
64d16c7c2d3718576338e016d768aeec  SRPMS/util-linux-2.11n-12.2.3a.src.rpm

[Yellow Dog Linux 2.2]
84673fbc5ae7d5139852e4c40602a52d  ppc/losetup-2.11n-12.2.2a.ppc.rpm
2ba16e1ebc6ac38b178670fdaad93e06  ppc/mount-2.11n-12.2.2a.ppc.rpm
9f2176089d6236ee2ff18cd27b213de2  ppc/util-linux-2.11n-12.2.2a.ppc.rpm
82e3b41d68583aa74ab1f09f976895aa  SRPMS/util-linux-2.11n-12.2.2a.src.rpm

If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command:

    rpm --checksig --nogpg filename

Note that rpm --checksig --nogpg verifies the digest stored in the package header; to compare a downloaded file against the sums in the table above, run md5sum on the file itself.

5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
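The following helper script is an added example, not part of the Yellow Dog advisory or of Terra Soft's tooling. It does two things the advisory asks the administrator to do by hand: it checks downloaded packages against a checksum list laid out like the table in section 4, and it reports whether /usr/bin/chfn and /usr/bin/chsh still carry the setuid bit, which is how you confirm the interim workaround from section 2 has actually been applied on a host that cannot be patched yet. The script assumes md5sum(1) from GNU coreutils (falling back to openssl dgst) rather than rpm, and the function names, the list-file layout and the sample files in the usage note are all this example's own. One thing worth noticing while preparing the list: the section 4 table covers losetup, mount, util-linux and the source RPM, but not the util-linux-devel and util-linux-perl packages named in section 3b, so those two cannot be checked against this advisory.

```shell
#!/bin/sh
# Added example, not the advisory's own code. Assumes md5sum (coreutils) or
# openssl is on PATH; hypothetical function names and list-file layout.

# md5_of FILE: print the lower-case hex MD5 digest of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# md5_matches EXPECTED FILE: return 0 if FILE's MD5 equals EXPECTED, else 1.
# The comparison is case-insensitive so a pasted upper-case digest still works.
md5_matches() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    actual=$(md5_of "$2") || return 1
    [ "$actual" = "$expected" ]
}

# verify_list LISTFILE: LISTFILE holds "<md5>  <path>" lines in the same layout
# as the advisory's section 4 table (the header, separator and "[Yellow Dog
# Linux x.y]" lines are skipped). Paths are relative, so run this from the
# directory the packages were downloaded into. Returns the number of files
# that failed, so an exit status of 0 means every package checked out.
verify_list() {
    failures=0
    while read -r sum path; do
        case "$sum" in ''|'MD5'|'---'*|'['*) continue ;; esac
        if md5_matches "$sum" "$path"; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"
            failures=$((failures + 1))
        fi
    done < "$1"
    return "$failures"
}

# is_setuid FILE: return 0 if FILE exists and has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# report_setuid FILE...: print the setuid state of each file. Returns 0 only if
# none of them is setuid, i.e. the interim workaround (chmod u-s) is in place.
report_setuid() {
    still_setuid=0
    for f in "$@"; do
        if is_setuid "$f"; then
            echo "SETUID   $f (workaround not applied; run: chmod u-s $f)"
            still_setuid=1
        else
            echo "ok       $f"
        fi
    done
    return "$still_setuid"
}
```

Typical use on a Yellow Dog 2.3 host: save the 2.3 block of the section 4 table into a file named sums, cd into the directory holding the ppc/ and SRPMS/ downloads, then run `verify_list sums && rpm -Fvh ppc/*.rpm`; the install only runs when every digest matched. Until the update is installed, `report_setuid /usr/bin/chfn /usr/bin/chsh` tells you whether the two binaries are still setuid root.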