linux, säkerhet

5430375 2000-09-04  06:33  /14 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <12549>
Ärende: [security@slackware.com: [slackware-security] Perl root exploit
------------------------------------------------------------
 in Slackware 7.1 & -current]
	I had fixed this manually, as have a lot of
people.  Nevertheless, this should still be of interest.

Regards,
-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."
(5430375) ------------------------------------------
Kommentar i text 5430376 av Brevbäraren (som är implementerad i) Python
Kommentar i text 5430377 av Brevbäraren (som är implementerad i) Python
Läsa nästa kommentar.
5430376 2000-09-04  06:33  /73 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <12550>
Kommentar till text 5430375 av Brevbäraren (som är implementerad i) Python
Ärende: Bilaga till: [security@slackware.com: [slackware-security] Perl root exploit
------------------------------------------------------------
 in Slackware 7.1 & -current]
Return-Path: <owner-slackware-security@connie.slackware.com>
Delivered-To: whitvamp@localhost
Received: (qmail 9238 invoked from network); 3 Sep 2000 01:04:14 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 3 Sep 2000 01:04:14 -0000
Delivered-To: whitvamp@monolith.projectgamma.com
Received: from monolith.projectgamma.com [216.226.17.243]
	by localhost with POP3 (fetchmail-5.4.4)
	for whitvamp@localhost (single-drop); Sat, 02 Sep 2000
21:04:14 -0400 (EDT) Received: (qmail 1539 invoked from network); 2
Sep 2000 21:53:43 -0000 Received: from lmtp07.iname.net (HELO
smv18.iname.net) (165.251.8.71)
  by monolith.projectgamma.com with SMTP; 2 Sep 2000 21:53:43 -0000
Received: from connie.slackware.com (connie.slackware.com [204.216.27.13])
	by smv18.iname.net (8.9.3/8.9.1SMV2) with ESMTP id UAA07787;
	Sat, 2 Sep 2000 20:54:13 -0400 (EDT)
Received: (from daemon@localhost)
	by connie.slackware.com (8.9.3/8.9.3) id PAA16487
	for slackware-security-outgoing; Sat, 2 Sep 2000 15:59:28 -0700
Received: from localhost (security@localhost)
	by connie.slackware.com (8.9.3/8.9.3) with ESMTP id PAA16484
	for <slackware-security@slackware.com>; Sat, 2 Sep 2000
15:59:26 -0700 Date: Sat, 2 Sep 2000 15:59:25 -0700 (PDT) From:
Slackware Security Team <security@slackware.com> To:
slackware-security@slackware.com Subject: [slackware-security] Perl
root exploit in Slackware 7.1 & -current Message-ID:
<Pine.LNX.4.10.10009021557500.16479-100000@connie.slackware.com>
MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender:
owner-slackware-security@slackware.com Precedence: bulk Reply-To:
Slackware Security Team <security@slackware.com>

A root exploit was found in the /usr/bin/suidperl5.6.0 program that
shipped with the Slackware 7.1 perl.tgz package.

It is recommended that all users of Slackware 7.1 (and -current)
upgrade to the perl.tgz package available in the Slackware -current
branch.

   ====================================
   perl 5.6.0 AVAILABLE - (d1/perl.tgz)
   ====================================

      The root exploit in /usr/bin/suidperl5.6.0 has been patched.
      Hack attempts are now logged to /var/log/syslog.  The new
      perl.tgz package is available from:

         ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/

      Here are the md5sums and checksums for the packages:

         1027099174 6464627 ./perl.tgz
         0dfc1c46e3dd22033850fc69928588ec  ./perl.tgz

      INSTALLATION INSTRUCTIONS FOR THE perl.tgz PACKAGE:
      ---------------------------------------------------
      If you have downloaded the new perl.tgz package, you should bring
      the system into runlevel 1 and run upgradepkg on it:

         # telinit 1
         # upgradepkg perl.tgz
         # telinit 3


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com
(5430376) ------------------------------------------(Ombruten)

5430377 2000-09-04  06:33  /11 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <12551>
Kommentar till text 5430375 av Brevbäraren (som är implementerad i) Python
Ärende: Bilaga till: [security@slackware.com: [slackware-security] Perl root exploit
------------------------------------------------------------
 in Slackware 7.1 & -current]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5sqKs3+rxmnEDyl8RAi9GAJ9zB0NeWSp0n/pKZI9CTPObP0b5pQCeL//d
8OZrS4gz2WjPq9Mp8UhQFvU=
=MR16
-----END PGP SIGNATURE-----
(5430377) ------------------------------------------