5354263 2000-08-12 05:06 /65 lines/ Brevbäraren (som är implementerad i) Python
Recipient: Bugtraq (import) <12179>
Subject: Conectiva Linux security announcement - usermode
------------------------------------------------------------
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20000810160551.C9845@conectiva.com.br>

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE  : usermode
SUMMARY  : Console users can obtain root privileges
DATE     : 2000-08-10
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2, 5.0, 5.1,
                              e-commerce and graphic tools

DESCRIPTION
  The usermode package, along with pam_console, allows console users
  to execute some privileged commands, like reboot or halt. It is
  required that these users have shell and console access and that
  they provide their password.
  The shutdown command is one of those privileged commands, and
  console users can issue this command to switch to runlevel 1, thus
  obtaining root privileges.

SOLUTION
  All users should upgrade immediately. The new usermode package does
  not provide this functionality for the shutdown command anymore.
  "reboot" and "halt", among others, are still honored.
  Administrators who do not want normal users to be able to execute
  these commands at the console should remove the usermode package
  entirely.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
  ftp://atualizacoes.conectiva.com.br/4.0/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.0es/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.1/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/4.2/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/usermode-1.19-3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/usermode-1.19-3cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
  ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/usermode-1.19-3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/usermode-1.19-3cl.src.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
(5354263) ------------------------------------------(Re-wrapped)