lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1EKsyr-000ofrC__31266.401083167$1128017751$gmane$org@finlandia.Infodrom.North.DE>
Date: Thu, 29 Sep 2005 09:37:25 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 823-1] New util-linux packages fix privilege escalation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 823-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : util-linux
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2876
Debian Bug     : 328141 329063

David Watson discoverd a bug in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.

For the old stable distribution (woody) this problem has been fixed in
version 2.11n-7woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.12p-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.12p-8.

We recommend that you upgrade your loop-aes-utils package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.dsc
      Size/MD5 checksum:      641 fce635015061f5d46813f8592a40d4c6
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.diff.gz
      Size/MD5 checksum:    50075 cf65f5247eb2804b2a50f9194e68cb90
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n.orig.tar.gz
      Size/MD5 checksum:  1442534 8abef2ae7e95177f5253ed4535e074c1

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.11n-7woody1_all.deb
      Size/MD5 checksum:   650386 a4be44b838e54364ddf1f173221744f5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:    42090 47783226e3c34c116eb07b37d1210d1c
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:   125614 5ded5ce9534da343bc1f2d1932b1dad2
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:   389870 25f9bbe360817774d353ff4b0867c1d3

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_arm.deb
      Size/MD5 checksum:    38952 d27109fd1a530f9645abc7a49782d2a3
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_arm.deb
      Size/MD5 checksum:    99214 9c97a96648eb0e2de9807ed6ebf28273
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_arm.deb
      Size/MD5 checksum:   336014 b0a323657cbac6753dbfb2f8702f97e3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_i386.deb
      Size/MD5 checksum:    39666 6ad1c919266183bc2d9b72900dcacd32
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_i386.deb
      Size/MD5 checksum:    99486 7c46ddd1c0344fef3b1bdb73b49479d6
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_i386.deb
      Size/MD5 checksum:   330128 d6e5c87bb8e250d6fb25c42ea4bcabd4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:    44814 ccd30f34220f611839f6af3804994f35
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:   141200 2665d0a3d0c4e4c44379cf72f6da820e
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:   450054 fd182f5abb1f7e5e8e0e7b2c9b7063b8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:    40848 6ac5aeb7c1f65b14668cf2f25b33dea2
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:   114886 74597c0f5942039cf0adbc3c6b5fa34d
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:   367094 4933cae4c4cb1e01ced24d52f3e9b2b0

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:    39170 62f8cac276d09b134c0a62c42563ab51
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:    96928 51eb3ba6a32e35ee5e7db83eec7436bf
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:   203656 937a79d72ea795195c6b761a5aea7bb6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mips.deb
      Size/MD5 checksum:    39846 94fa3b3bf56f6d63066603acbbcc3d43
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mips.deb
      Size/MD5 checksum:   112544 8493e3d4ee5ac8037a51f30baf2e197b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mips.deb
      Size/MD5 checksum:   348288 d1f62cda038b511e5df00f7850fecd94

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:    39706 508586755e53ed64c3aa32455b0f0b6c
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:   112684 2e7fd13c29633ce39676f63932b0fc8d
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:   347824 c6244afdec75eb663065aa13fa7bdeda

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:    39288 96bec0efd657e08892a27c10e2aeb33f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:   102562 2a5d7040ab0372bdfbeeacabcd3f6b8b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:   339450 0046286fb461e613f10e51f29980abb3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_s390.deb
      Size/MD5 checksum:    40426 b8bbe428e0dcab555753d427112afab6
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_s390.deb
      Size/MD5 checksum:   106674 62cf3121f0096637cfad9f0b6f42c750
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_s390.deb
      Size/MD5 checksum:   190018 9130482d45c4d70d75729c75fce92daa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:    46030 8ff343a6e95a5b3f1894b849c328da2e
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:   113674 744e3c6ebe8ce757f9f8fe6947a9db4a
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:   273234 bb59545a02d0b7570fb34a4fd12b2c68


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.dsc
      Size/MD5 checksum:      712 9341316ba59e695a6bc89cd9ecda5f65
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.diff.gz
      Size/MD5 checksum:    73184 777c64bed4a63496ec05456ccf234bcd
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
      Size/MD5 checksum:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge1_all.deb
      Size/MD5 checksum:  1078722 5f5e4513c74e6cb5262b4ac976881eb0

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:    68950 bb19eb9abe0bc1277e3dd2313b8f4153
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:   159648 f1636230b6f4523f80edc78aa57ba2aa
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:   439592 cdaad3d4d275315f03bd304c9d414faf

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:    67222 26b68625dda4c3736124a14543347ebd
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:   146038 b8f5b355beb87bc3637861fc526c6d85
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:   400974 361df6632f69bac77bf290f5ab9a0f71

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:    65290 4efd973f621a30865f70cfcbb70473df
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:   136262 018f40934ba15fb5e20a0c625f8eb9b9
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:   386952 cdb739cf88a719d3f74b2519f7ed8abc

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:    65606 8339484e18bf9d4e491c73bc2a9b6a76
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:   139460 544996c905c84f9cdaef5bc4d0eefb10
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:   378306 93e989d714a489a8d5ddee64b33c6e90

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:    71536 a088766c3e795b062a612dc6d72a5c70
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:   173796 5b3790cc40b6e8d1663d6deef0ccab1c
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:   507240 c5145ec21236d9070a7a6336a980a89e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:    67900 20a19565eb92558559c0adf23c4c2d0f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:   149158 29252ec2808c4d83e2479a33f11ae1a8
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:   423080 322a7f09ca9f9a237413dc773569c012

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:    65550 7596fb004730584bffca201e249ab649
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:   129726 6feecfc0d82581bc412ee9a438e1a29e
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:   242620 60cccf944698d0a8745374e235289604

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:    71096 027aa05d9700dd5af662b781dcd9775b
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:   149458 eeaf4aa326ae1b7564b2dda793734068
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:   453900 69552406024cc032c557c524e783582f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:    71010 2326040662acc0699d767bae3bebd39f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:   150020 1e48ae6712dce580678651ec91663e8b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:   453972 e533c8ac5d80dbe2b7c70daf18085af7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:    65978 05e9556e5750e669bec851420ab8f33f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:   147196 41bf9664a9d41b42feb3ecad65d301ed
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:   406370 1c2d8185c20990c83c17167520a069a5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:    67110 6e0c2effc303c52f8ee6af6c2000d474
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:   145748 11b35f1e0d8195a764ce017c2b1dc219
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:   379132 b389239d7f14c30cd020254975ae9b7e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:    65416 57c00592da329cec3c1ebdc1630a671f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:   138136 12581a557519b123e3177e37877e2b0f
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:   274442 5f93b33ea1f6372e244c3c8dcc95a062


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO5m0W5ql+IAeqTIRAkQJAJ9997RfpHBmsBwC/ywZTXTWE90PegCghMJH
Ky+REN/gU3d8WH435DPPhLk=
=eDV/
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ