97963 2003-04-07 22:04 /56 rader/ Immunix Security Team <security@wirex.com>
Importerad: 2003-04-07 22:04 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: immunix-announce@immunix.org
Extern mottagare: linsec@lists.seifried.org
Mottagare: Bugtraq (import) <4393>
Ärende: Immunix Secured OS 7+ cvs update
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: cvs
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0015
Date: Wed Apr 2 2003
Advisory ID: IMNX-2003-7+-004-01
Author: Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------
Description:
Stefan Esser discovered a double free() bug in CVS that can be
remotely exploited by anonymous users to gain write access to the CVS
repository. This write access can be converted into execute access
using the CVS protocol commands "Checkin-prog" and "Update-prog".
Igor Dobrovitski: "The impact of a successful exploitation is not
that great: an unprivileged access to the system, where your calls
to getuid() will return a number that's far from 0 (cvs drops
provileges, and does it right)."
We did not disable the Checkin-prog and Update-prog protocol
commands; be aware that granting CVS write access is tantamount to
also giving execute access on the repository.
References: http://security.e-matters.de/advisories/012003.html
http://www.securityfocus.com/archive/1/309913/2003-02-01/2003-02-04/0
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/cvs-1.11.1p1-4_imnx_2.i386.rpm
Immunix OS 7+ md5sums:
543c97b146ef652d2a8497e83822ffc2 cvs-1.11.1p1-4_imnx_2.i386.rpm
GPG verification:
Our public key is available at <http://wirex.com/security/GPG_KEY>.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@wirex.com. WireX
attempts to conform to the RFP vulnerability disclosure protocol
<http://www.wiretrip.net/rfp/policy.html>.
(97963) /Immunix Security Team <security@wirex.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 97964
97964 2003-04-07 22:04 /9 rader/ Immunix Security Team <security@wirex.com>
Importerad: 2003-04-07 22:04 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: immunix-announce@immunix.org
Extern mottagare: linsec@lists.seifried.org
Mottagare: Bugtraq (import) <4394>
Bilaga (text/plain) till text 97963
Ärende: Bilaga till: Immunix Secured OS 7+ cvs update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj6R0KoACgkQVQcWL60UVMteagCfQjhkIKaFutcneCfVUFrI714g
AGIAn3vk+itixReDX88Fn3Loucx2DLWe
=5lLI
-----END PGP SIGNATURE-----
(97964) /Immunix Security Team <security@wirex.com>/