10915900 2003-10-31 18:14 -0800 /69 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-11-01 23:35 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <29728>
Ärende: Immunix Secured OS 7+ fileutils update
------------------------------------------------------------
From: Immunix Security Team <security@immunix.com>
To: bugtraq@securityfocus.com
Message-ID: <20031101021444.GL27612@wirex.com>
[Lotus and Outlook users: please do not use out-of-office autoreplies.
They are extremely annoying. Thanks.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: fileutils
Affected products: Immunix OS 7+
Bugs fixed: CAN-2003-0853 CAN-2003-0854
Date: Fri Oct 31 2003
Advisory ID: IMNX-2003-7+-026-01
Author: Seth Arnold <sarnold@immunix.com>
-----------------------------------------------------------------------
Description:
Georgi Guninski has discovered an off-by-one error in ls(1)'s columns
handling code. This provided a providential opportunity to handle the
exponential memory usage involved in the columnar display; thus, we
have included a patch from Solar Designer to limit the number of
columns to 1024, reducing the chance of memory exhaustion and working
around the off-by-one vulnerability.
ls(1) is exposed through wu-ftpd, potentially to unauthenticated
users. If your setup is a chroot wu-ftpd, please replace the copy
of ls in the chroot with this copy.
This patch fixes CAN-2003-0853 and CAN-2003-0854. Many thanks to
Georgi Guninski and Solar Designer for spotting the problem and
providing the solution.
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/fileutils-4.0x-3_imnx_3.i386.rpm
A source package for Immunix 7+ can be found at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/fileutils-4.0x-3_imnx_3.src.rpm
Immunix OS 7+ md5sums:
0e1d67ef1cd87d351963a8f85170d1d0 RPMS/fileutils-4.0x-3_imnx_3.i386.rpm
0bed0757cfa529a63a73cd62696dceec SRPMS/fileutils-4.0x-3_imnx_3.src.rpm
GPG verification:
Our public keys are available at http://download.immunix.org/GPG_KEY
Immunix, Inc., has changed policy with GPG keys. We maintain several
keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
Immunix 7.3 package signing, and 1B7456DA for general security issues.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security@immunix.com.
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
(10915900) /Immunix Security Team <security@immunix.com>/(Ombruten)
Bilaga (application/pgp-signature) i text 10915901
Kommentar i text 10922159 av Seth Arnold <sarnold@wirex.com>
10915901 2003-10-31 18:14 -0800 /9 rader/ Immunix Security Team <security@immunix.com>
Importerad: 2003-11-01 23:36 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <29729>
Bilaga (application/pgp-signature) till text 10915900
Ärende: Bilaga till: Immunix Secured OS 7+ fileutils update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/oxcTn5I6Lxt0VtoRApDUAKC+Odd3phGL83yEwG+MOWLTJZm/rQCfUdbJ
bWq8pdRqIpGFQkNXV+qVHY0=
=g+Tz
-----END PGP SIGNATURE-----
(10915901) /Immunix Security Team <security@immunix.com>/
10922159 2003-11-01 15:17 -0800 /20 rader/ Seth Arnold <sarnold@wirex.com>
Importerad: 2003-11-03 19:39 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: solar@openwall.com
Extern kopiemottagare: guninski@guninski.com
Mottagare: Bugtraq (import) <29735>
Kommentar till text 10915900 av Immunix Security Team <security@immunix.com>
Ärende: Re: Immunix Secured OS 7+ fileutils update
------------------------------------------------------------
From: Seth Arnold <sarnold@wirex.com>
To: bugtraq@securityfocus.com
Cc: solar@openwall.com, guninski@guninski.com
Message-ID: <20031101231738.GA17154@wirex.com>
On Fri, Oct 31, 2003 at 06:14:44PM -0800, Immunix Security Team wrote:
> Description:
> Georgi Guninski has discovered an off-by-one error in ls(1)'s columns
> handling code. This provided a providential opportunity to handle the
Please accept my apologies for this mistake -- Georgi Guninski found,
and Solar Designer fixed, an integer overflow in ls(1), not an
off-by-one error.
Thanks again to both Georgi and Solar for pointing out my error.
--
http://www.immunix.com/
(10922159) /Seth Arnold <sarnold@wirex.com>/--------
Bilaga (application/pgp-signature) i text 10922160
10922160 2003-11-01 15:17 -0800 /9 rader/ Seth Arnold <sarnold@wirex.com>
Importerad: 2003-11-03 19:39 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: solar@openwall.com
Extern kopiemottagare: guninski@guninski.com
Mottagare: Bugtraq (import) <29736>
Bilaga (application/pgp-signature) till text 10922159
Ärende: Bilaga till: Re: Immunix Secured OS 7+ fileutils update
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/pD8S+9nuM9mwoJkRAvapAKCdmch16PvgXqP/r2FYnUnhMJg4NACfVFbp
GmeSJkU3dUPbus9eP2ozxOg=
=UE8J
-----END PGP SIGNATURE-----
(10922160) /Seth Arnold <sarnold@wirex.com>/--------