Date: Tue, 14 Jun 2005 15:23:17 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:100 - Updated rsh packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           rsh
 Advisory ID:            MDKSA-2005:100
 Date:                   June 14th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability in the rcp protocol was discovered that allows a server
 to instruct a client to write arbitrary files outside of the current
 directory, which could potentially be a security concern if a user used
 rcp to copy files from a malicious server.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5e6f513e437cc9a5a619f323509ca58a  10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm
 aec49c478c37577b6fd795bd9bb4ba67  10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm
 259dcd458b33d1de12d172e876366165  10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 fd2d00b91971f0b137696c0ca256b94a  amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm
 81fffa62d628599cee1f7b590ae4c38e  amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm
 259dcd458b33d1de12d172e876366165  amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 de740985b0e213128f8639e3af831b5e  10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm
 ff6873ae461a9a12e6a2aeee30a80aa0  10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm
 2a5d801cdedfa0b0b588d340b79c9473  10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 716ae1dc777924d462d9c502238bda9e  x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm
 23ea2409d82a32918e5e132d8e1fff90  x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm
 2a5d801cdedfa0b0b588d340b79c9473  x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 381a2b0e1418a14b618030f27ac445ea  10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm
 d750e7ffcf28e7530e19a294ca9d6bc7  10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm
 1b576319abe603cfaa12d8ee3e314b0d  10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 7d9fd388f7fefa1e454b9d938befcfdc  x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm
 decb83a56d54b9d6310f4e1f2aefe555  x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm
 1b576319abe603cfaa12d8ee3e314b0d  x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm

 Corporate Server 2.1:
 a63459af04b29923eff1606742eb9ce4  corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm
 b655300455ec6bd0fb8c782cfbcbe281  corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm
 c828642735f509a405e4582b9f6f3a29  corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 14219e4f9ada6336f7b26a86881942e2  x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm
 c32ccf5751017c29817fdd485c489f4b  x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm
 c828642735f509a405e4582b9f6f3a29  x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm

 Corporate 3.0:
 b20aa1eb70c7bfc006c0c946601c9596  corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm
 7ae577ac25ff29385f99516abd79baaf  corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm
 c6fac5847bb6c80b8c92a22750d1c438  corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 37a7576122ea4001257e11d034100c28  x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm
 f7e9c14163f5a56b29fc2b17ae172bfb  x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm
 c6fac5847bb6c80b8c92a22750d1c438  x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCr0rEmqjQ0CJFipgRAstZAJ9nc3Feivcc7Sf8IK5iKJPb2B8WNgCgsBFc
D0N2xFQ36ZmCMiw2OQZqCvE=
=4e3/
-----END PGP SIGNATURE-----
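
The problem description above concerns file names that an rcp server sends to the client. As an added example (not part of the advisory and not the Mandriva patch), this is one check a client can apply to each control record before creating anything on disk. The record layout is the classic rcp one, stated here as an assumption, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example: client-side validation of one rcp control record.
 * Assumed record layout (classic rcp): "C<mode> <size> <name>\n" for a
 * file, "D<mode> <size> <name>\n" for a directory. */
/* 1 if name is a single path component inside the target directory. */
int rcp_name_is_safe(const char *name)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;                       /* empty, absolute or nested path */
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Skip a non-empty run of characters from set followed by one space. */
static const char *skip_field(const char *p, const char *set)
{
    size_t n = strspn(p, set);
    return (n > 0 && p[n] == ' ') ? p + n + 1 : NULL;
}

/* Copy the record's name into out; 0 if well-formed and safe, else -1. */
int rcp_parse_record(const char *rec, char *out, size_t outlen)
{
    const char *p;
    size_t n;
    if (rec[0] != 'C' && rec[0] != 'D')
        return -1;
    if ((p = skip_field(rec + 1, "01234567")) == NULL)      /* mode */
        return -1;
    if ((p = skip_field(p, "0123456789")) == NULL)          /* size */
        return -1;
    n = strcspn(p, "\n");
    if (p[n] != '\n' || n == 0 || n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return rcp_name_is_safe(out) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample records, as a server might send them. */
    const char *recs[] = { "C0644 12 notes.txt\n", "C0644 12 ../outside.txt\n", "D0755 0 ..\n" };
    char name[256];
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        puts(rcp_parse_record(recs[i], name, sizeof name) ? "reject" : "accept");
    return 0;
}
```

A client that rejects such records treats the server's file names as untrusted input rather than as paths to follow.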

