ID REDHAT-RHSA-2003-249.NASL Type nessus Reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
Updated glibc packages that fix a number of bugs as well as a buffer
overflow issue are now available.
The GNU libc package (known as glibc) contains the standard C
libraries used by applications.
A bug in the getgrouplist function can cause a buffer overflow if the
size of the group list is too small to hold all the user's groups.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:249. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
# Registration pass: when the scanner sets `description`, the plugin only
# declares its identity, references, report text and prerequisites, then
# exits at the end of this block without evaluating the target.
if (description)
{
# Plugin ID and revision bookkeeping.
script_id(12414);
script_version ("1.25");
script_cvs_date("Date: 2019/10/25 13:36:10");
# Cross-references that tie a finding to the CVE and to the vendor advisory.
script_cve_id("CVE-2003-0689");
script_xref(name:"RHSA", value:"2003:249");
script_name(english:"RHEL 2.1 : glibc (RHSA-2003:249)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
# Advisory text shown in the report. It states the precondition for the
# overflow: a user must be a member of more groups than the calling
# application allowed for, so hosts with small group memberships are not exposed.
script_set_attribute(
attribute:"description",
value:
"Updated glibc packages that fix a number of bugs as well as a buffer
overflow issue are now available.
The GNU libc package (known as glibc) contains the standard C
libraries used by applications.
A bug in the getgrouplist function can cause a buffer overflow if the
size of the group list is too small to hold all the user's groups.
This overflow can cause segmentation faults in user applications,
which may have security implications, depending on the application in
question. This vulnerability exists only when an administrator has
placed a user in a number of groups larger than that expected by an
application. Therefore, there is no risk in instances where users are
members of few groups. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0689 to this
issue.
In addition, a number of other bugs in glibc have been fixed :
- An error prevented gdb from correctly debugging programs
linked to libpthread.
- A race condition existed in the malloc routine for IA64
platforms, which could cause memory corruption.
- An error in pthread_spinlocks prevents spinlocks from
functioning correctly on IA64 platforms.
All users should upgrade to these errata packages, which contain
patches to the glibc libraries correcting these issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2003-0689"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2003:249"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# NOTE(review): the CVSS2 vector rates the issue as network-reachable with no
# authentication (AV:N/Au:N), whereas the description limits it to hosts where
# an administrator placed a user in many groups. When triaging, weigh the
# rating against the actual group memberships on the host.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
# "local": the verdict comes from package data gathered on the host (see the
# required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the packages this plugin covers and for the platform it applies to.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-profile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
# NOTE(review): vuln_publication_date (2003/10/20) is later than
# patch_publication_date (2003/08/22); confirm which date is authoritative
# before using either for exposure-window metrics.
script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/20");
script_set_attribute(attribute:"patch_publication_date", value:"2003/08/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# ACT_GATHER_INFO: the plugin is registered as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
# Prerequisites: ssh_get_info.nasl is declared as a dependency, and the listed
# KB keys (local checks enabled, release string, rpm list, CPU) are required.
# Without working credentialed collection this plugin produces no verdict.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
# End of the registration pass; none of the host checks below run on this path.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Applicability gates. Each failed gate calls audit() with a reason code, which
# stops the plugin with that reason; the lines after a gate rely on it having
# passed. A gate failure means "not evaluated", not "not vulnerable".
# Gate 1: credentialed (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: the collected release string must exist and contain "Red Hat"
# (`>!<` is the "substring not found in" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Gate 3: extract the "major[.minor]" version from the release string and
# require 2.1; the trailing ([^0-9]|$) stops 2.10 and similar from matching.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
# Index 1 is the first capture group, i.e. the version number itself.
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
# Gate 4: an installed-package list must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 5: only x86_64, i386-i686 and s390-family CPU strings are accepted.
# NOTE(review): ia64 is not accepted here although the advisory text mentions
# IA64-specific fixes; such hosts end with AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED
# and need to be tracked by other means, since that outcome is not a clean result.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
# Verdict. Two evidence sources are supported: yum updateinfo data when the KB
# holds it, otherwise a comparison of installed rpm versions against the fixed
# builds named in the advisory.
# NOTE(review): both paths reason about installed packages only; whether
# long-running processes were restarted after an update is outside what this
# check can observe.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
# Path A: look up this advisory through the yum updateinfo helper.
rhsa = "RHSA-2003:249";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
# A non-empty report is raised as a finding (port 0, since this is a
# host-level result with no associated service port).
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
# An empty report ends the plugin with an audit message naming the advisory;
# the rpm comparison below is not used as a fallback on this path.
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
# Path B: rpm version comparison. `flag` counts the rpm_check() calls that
# return true; presumably that means the installed package is older than the
# `reference` build (behaviour defined in rpm.inc - confirm there).
# NOTE(review): every reference targets i386 (plus i686 for glibc), so the
# x86_64 and s390 CPU strings admitted by the earlier CPU gate have no
# matching check in this list.
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-2.2.4-32.8")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"glibc-2.2.4-32.8")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-common-2.2.4-32.8")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-devel-2.2.4-32.8")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-profile-2.2.4-32.8")) flag++;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"nscd-2.2.4-32.8")) flag++;
if (flag)
{
# At least one check matched: raise a finding whose detail is the text from
# rpm_report_get() followed by the Red Hat package caveat text.
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
# No match: tell "packages were tested and are not affected" apart from
# "none of the listed packages were found", so the audit trail shows which
# of the two produced the absence of a finding.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-profile / nscd");
}
}
{"id": "REDHAT-RHSA-2003-249.NASL", "bulletinFamily": "scanner", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "description": "Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user", "published": "2004-07-06T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/12414", "reporter": "This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2003-0689", "https://access.redhat.com/errata/RHSA-2003:249"], "cvelist": ["CVE-2003-0689"], "type": "nessus", "lastseen": "2019-11-01T03:20:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile"], "cvelist": ["CVE-2003-0689"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-10-28T21:07:29", "references": [{"idList": ["GLSA-200311-06"], "type": "gentoo"}, {"idList": ["CVE-2003-0689"], "type": "cve"}, {"idList": ["RHSA-2003:249"], "type": "redhat"}, {"idList": 
["OPENVAS:54505"], "type": "openvas"}, {"idList": ["MANDRAKE_MDKSA-2003-107.NASL"], "type": "nessus"}, {"idList": ["OSVDB:9366"], "type": "osvdb"}, {"idList": ["VU:325603"], "type": "cert"}]}, "score": {"modified": "2019-10-28T21:07:29", "value": 7.3, "vector": "NONE"}}, "hash": "e6d3e2c2bec242743b1abcab7894169d07ed0eab4998cd9f5cf554b85540059f", "hashmap": [{"hash": "3c11936f7a3502908671c220149af7d4", "key": "cpe"}, {"hash": "8c779822fafa0aa4a4c7577d65e38371", "key": "reporter"}, {"hash": "b39d0d6ad375f3d0ff028bf76199d199", "key": "description"}, {"hash": "ab2c68f9503b70448f46c7ceb3db0ffe", "key": "sourceData"}, {"hash": "d10499a7eba728a3511a2221975c3a76", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "eca63209986f8545b6ebbb394db5cd05", "key": "references"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "7092d5eb1bbca1a22bdc69ba3f517e68", "key": "pluginID"}, {"hash": "ba8dbf7205184c511a4162236dea723f", "key": "title"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ccb6c59cd832429a506c46ef82366541", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/12414", "id": "REDHAT-RHSA-2003-249.NASL", "lastseen": "2019-10-28T21:07:29", "modified": "2019-10-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "12414", "published": "2004-07-06T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2003-0689", "https://access.redhat.com/errata/RHSA-2003:249"], "reporter": "This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:249\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", 
cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified"], "edition": 11, "lastseen": "2019-10-28T21:07:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2003-0689"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated glibc packages that fix a number of bugs as well as a buffer overflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C libraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications, which may have security implications, depending on the application in question. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application. Therefore, there is no risk in instances where users are members of few groups. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0689 to this issue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64 platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain patches to the glibc libraries correcting these issues.", "edition": 2, "enchantments": {}, "hash": "4e2c0dedb237966f56ad085d36817ba48c6d707edcc38cdd4fc0f75f894923df", "hashmap": [{"hash": "4f8596244a1cfa6e05fa71f77f3fc07d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "676bcfbb0d4c9f5ff270385a479d6ed1", "key": "modified"}, {"hash": "68fd1a5432df31cf4f07ceaf869be24a", "key": "references"}, {"hash": "a8d4fc316b491af932193fc87ea1fdf4", "key": "description"}, {"hash": "d10499a7eba728a3511a2221975c3a76", "key": "cvelist"}, {"hash": "af1edec59d8b8b85b5832991d3b065cd", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "7092d5eb1bbca1a22bdc69ba3f517e68", "key": "pluginID"}, {"hash": "ba8dbf7205184c511a4162236dea723f", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12414", "id": "REDHAT-RHSA-2003-249.NASL", "lastseen": "2016-12-29T02:16:43", "modified": "2016-12-28T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "12414", "published": 
"2004-07-06T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0689.html", "http://rhn.redhat.com/errata/RHSA-2003-249.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:43 $\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_osvdb_id(9366);\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0689.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2003-249.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", 
cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-29T02:16:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile"], "cvelist": ["CVE-2003-0689"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated glibc packages that fix a number of bugs as well as a buffer overflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C libraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications, which may have security implications, depending on the application in question. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application. 
Therefore, there is no risk in instances where users are members of few groups. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0689 to this issue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64 platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain patches to the glibc libraries correcting these issues.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "aa168c270edc584a41562feae17478312a08c8ea1202499e34d65427a5059be2", "hashmap": [{"hash": "3c11936f7a3502908671c220149af7d4", "key": "cpe"}, {"hash": "4f8596244a1cfa6e05fa71f77f3fc07d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "676bcfbb0d4c9f5ff270385a479d6ed1", "key": "modified"}, {"hash": "68fd1a5432df31cf4f07ceaf869be24a", "key": "references"}, {"hash": "a8d4fc316b491af932193fc87ea1fdf4", "key": "description"}, {"hash": "d10499a7eba728a3511a2221975c3a76", "key": "cvelist"}, {"hash": "af1edec59d8b8b85b5832991d3b065cd", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "7092d5eb1bbca1a22bdc69ba3f517e68", "key": "pluginID"}, {"hash": "ba8dbf7205184c511a4162236dea723f", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12414", "id": "REDHAT-RHSA-2003-249.NASL", "lastseen": "2017-10-29T13:42:58", "modified": 
"2016-12-28T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "12414", "published": "2004-07-06T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0689.html", "http://rhn.redhat.com/errata/RHSA-2003-249.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"$Revision: 1.19 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:43 $\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_osvdb_id(9366);\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0689.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2003-249.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", 
cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:42:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile"], "cvelist": ["CVE-2003-0689"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated glibc packages that fix a number of bugs as well as a buffer overflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C libraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications, which may have security implications, depending on the application in question. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application. 
Therefore, there is no risk in instances where users are members of few groups. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0689 to this issue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64 platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain patches to the glibc libraries correcting these issues.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "d1d4b56ccfe793e1f0a9e4e4b44fb6d65bab65d9e427e86e049bacfe17387100", "hashmap": [{"hash": "3c11936f7a3502908671c220149af7d4", "key": "cpe"}, {"hash": "4f8596244a1cfa6e05fa71f77f3fc07d", "key": "href"}, {"hash": "764dd47113ef5e1a52ee1cd283dc3fde", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "68fd1a5432df31cf4f07ceaf869be24a", "key": "references"}, {"hash": "a8d4fc316b491af932193fc87ea1fdf4", "key": "description"}, {"hash": "d10499a7eba728a3511a2221975c3a76", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "7092d5eb1bbca1a22bdc69ba3f517e68", "key": "pluginID"}, {"hash": "ba8dbf7205184c511a4162236dea723f", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12414", "id": "REDHAT-RHSA-2003-249.NASL", "lastseen": "2018-09-02T00:01:50", "modified": 
"2018-08-13T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "12414", "published": "2004-07-06T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0689.html", "http://rhn.redhat.com/errata/RHSA-2003-249.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0689.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2003-249.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", 
cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-02T00:01:50"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile"], "cvelist": ["CVE-2003-0689"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. 
This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-01-16T20:05:25", "references": [{"idList": ["GLSA-200311-06"], "type": "gentoo"}, {"idList": ["CVE-2003-0689"], "type": "cve"}, {"idList": ["RHSA-2003:249"], "type": "redhat"}, {"idList": ["OPENVAS:54505"], "type": "openvas"}, {"idList": ["MANDRAKE_MDKSA-2003-107.NASL"], "type": "nessus"}, {"idList": ["OSVDB:9366"], "type": "osvdb"}, {"idList": ["VU:325603"], "type": "cert"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "641eeb0e818d1bf30293b151e9c5c555ca470329fbc5c97f371bb77e9be39d8c", "hashmap": [{"hash": "3c11936f7a3502908671c220149af7d4", "key": "cpe"}, {"hash": "4f8596244a1cfa6e05fa71f77f3fc07d", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b33eec5eb47693aa11904184d1fc592f", "key": "sourceData"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "d10499a7eba728a3511a2221975c3a76", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": 
"eca63209986f8545b6ebbb394db5cd05", "key": "references"}, {"hash": "474949ab6fbff659080be277e7c5ac16", "key": "published"}, {"hash": "7092d5eb1bbca1a22bdc69ba3f517e68", "key": "pluginID"}, {"hash": "13e7502578c3372c68b1411c2adaf465", "key": "description"}, {"hash": "ba8dbf7205184c511a4162236dea723f", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=12414", "id": "REDHAT-RHSA-2003-249.NASL", "lastseen": "2019-01-16T20:05:25", "modified": "2018-11-15T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "12414", "published": "2004-07-06T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2003-0689", "https://access.redhat.com/errata/RHSA-2003:249"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 11:40:29\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. Therefore, there is no risk in instances where users are\nmembers of few groups. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:249\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "title": "RHEL 2.1 : glibc (RHSA-2003:249)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 9, "lastseen": "2019-01-16T20:05:25"}], "edition": 12, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3c11936f7a3502908671c220149af7d4"}, {"key": "cvelist", "hash": "d10499a7eba728a3511a2221975c3a76"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "b39d0d6ad375f3d0ff028bf76199d199"}, {"key": "href", "hash": "ccb6c59cd832429a506c46ef82366541"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "7092d5eb1bbca1a22bdc69ba3f517e68"}, {"key": "published", "hash": "474949ab6fbff659080be277e7c5ac16"}, {"key": "references", "hash": "eca63209986f8545b6ebbb394db5cd05"}, {"key": "reporter", "hash": "8c779822fafa0aa4a4c7577d65e38371"}, {"key": "sourceData", "hash": "ab2c68f9503b70448f46c7ceb3db0ffe"}, {"key": "title", "hash": "ba8dbf7205184c511a4162236dea723f"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "603b33141922a1ab7d8cfd2573788c419e1edb24196dc8cca303f6293beb594b", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": 
["CVE-2003-0689"]}, {"type": "osvdb", "idList": ["OSVDB:9366"]}, {"type": "gentoo", "idList": ["GLSA-200311-06"]}, {"type": "openvas", "idList": ["OPENVAS:54505"]}, {"type": "redhat", "idList": ["RHSA-2003:249"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2003-107.NASL"]}, {"type": "cert", "idList": ["VU:325603"]}], "modified": "2019-11-01T03:20:08"}, "score": {"value": 7.3, "vector": "NONE", "modified": "2019-11-01T03:20:08"}, "vulnersScore": 7.3}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:249. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12414);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_xref(name:\"RHSA\", value:\"2003:249\");\n\n script_name(english:\"RHEL 2.1 : glibc (RHSA-2003:249)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glibc packages that fix a number of bugs as well as a buffer\noverflow issue are now available.\n\nThe GNU libc package (known as glibc) contains the standard C\nlibraries used by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if the\nsize of the group list is too small to hold all the user's groups.\nThis overflow can cause segmentation faults in user applications,\nwhich may have security implications, depending on the application in\nquestion. This vulnerability exists only when an administrator has\nplaced a user in a number of groups larger than that expected by an\napplication. 
Therefore, there is no risk in instances where users are\nmembers of few groups. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0689 to this\nissue.\n\nIn addition, a number of other bugs in glibc have been fixed :\n\n - An error prevented gdb from correctly debugging programs\n linked to libpthread.\n\n - A race condition existed in the malloc routine for IA64\n platforms, which could cause memory corruption.\n\n - An error in pthread_spinlocks prevents spinlocks from\n functioning correctly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain\npatches to the glibc libraries correcting these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:249\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:249\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"glibc-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-common-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-devel-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"glibc-profile-2.2.4-32.8\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"nscd-2.2.4-32.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-profile / nscd\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "12414", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:glibc", 
"p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:nscd", "p-cpe:/a:redhat:enterprise_linux:glibc-profile"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:07:57", "bulletinFamily": "NVD", "description": "The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.", "modified": "2008-09-10T19:20:00", "id": "CVE-2003-0689", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0689", "published": "2003-10-20T04:00:00", "title": "CVE-2003-0689", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2003:325\nRedHat RHSA: RHSA-2003:249\nISS X-Force ID: 13053\n[CVE-2003-0689](https://vulners.com/cve/CVE-2003-0689)\nBugtraq ID: 8477\n", "modified": "2003-08-14T00:00:00", "published": "2003-08-14T00:00:00", "id": "OSVDB:9366", "href": "https://vulners.com/osvdb/OSVDB:9366", "title": "GNU libc (glibc) getgrouplist Local Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nglibc is the GNU C library. \n\n### Description\n\nA bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application. \n\n### Impact\n\nApplications that use getgrouplist can crash. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nIt is recommended that all Gentoo Linux users update their systems as follows: \n \n \n # emerge sync\n # emerge -pv '>=sys-libs/glibc-2.2.5'\n # emerge '>=sys-libs/glibc-2.2.5'\n # emerge clean", "modified": "2003-11-22T00:00:00", "published": "2003-11-22T00:00:00", "id": "GLSA-200311-06", "href": "https://security.gentoo.org/glsa/200311-06", "type": "gentoo", "title": "glibc: getgrouplist buffer overflow vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200311-06.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54505", "id": "OPENVAS:54505", "title": "Gentoo Security Advisory GLSA 200311-06 (glibc)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"glibc contains a buffer overflow in the getgrouplist function.\";\ntag_solution = \"It is recommended that all Gentoo Linux users update their systems as\nfollows:\n\n # emerge sync\n # emerge -pv '>=sys-libs/glibc-2.2.5'\n # emerge '>=sys-libs/glibc-2.2.5'\n # emerge clean\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200311-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=33383\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200311-06.\";\n\n \n\nif(description)\n{\n script_id(54505);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2003-0689\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200311-06 (glibc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-libs/glibc\", unaffected: make_list(\"ge 2.2.5\"), vulnerable: make_list(\"le 2.2.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "description": "The GNU libc package (known as glibc) contains the standard C libraries\nused by applications.\n\nA bug in the getgrouplist function can cause a buffer overflow if \nthe size of the group list is too small to hold all the user's groups. \nThis overflow can cause segmentation faults in user applications, which may\nhave security implications, depending on the application in question. This\nvulnerability exists only when an administrator has placed a user in a\nnumber of groups larger than that expected by an application. Therefore,\nthere is no risk in instances where users are members of few groups. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2003-0689 to this issue.\n\nIn addition, a number of other bugs in glibc have been fixed:\n \n- An error prevented gdb from correctly debugging programs linked to\nlibpthread. 
\n \n- A race condition existed in the malloc routine for IA64 platforms, which\ncould cause memory corruption.\n\n- An error in pthread_spinlocks prevents spinlocks from functioning\ncorrectly on IA64 platforms.\n\nAll users should upgrade to these errata packages, which contain patches to\nthe glibc libraries correcting these issues.", "modified": "2018-03-14T19:26:09", "published": "2003-08-22T04:00:00", "id": "RHSA-2003:249", "href": "https://access.redhat.com/errata/RHSA-2003:249", "type": "redhat", "title": "(RHSA-2003:249) glibc security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:54:55", "bulletinFamily": "scanner", "description": "A bug was discovered in the getgrouplist function in glibc that can\ncause a buffer overflow if the size of the group list is too small to\nhold all the user", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2003-107.NASL", "href": "https://www.tenable.com/plugins/nessus/14089", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : glibc (MDKSA-2003:107)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:107. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14089);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:47\");\n\n script_cve_id(\"CVE-2003-0689\");\n script_xref(name:\"MDKSA\", value:\"2003:107\");\n\n script_name(english:\"Mandrake Linux Security Advisory : glibc (MDKSA-2003:107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug was discovered in the getgrouplist function in glibc that can\ncause a buffer overflow if the size of the group list is too small to\nhold all the user's groups. This overflow can cause segementation\nfaults in various user applications, some of which may lead to\nadditional security problems. The problem can only be triggered if the\nuser is in a larger number of groups than expected by an application.\n\nThe provided packages are patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glibc-static-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ldconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:timezone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-devel-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-i18ndata-2.2.5-16.3.90mdk\", yank:\"mdk\")) 
flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-profile-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-static-devel-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"glibc-utils-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"ldconfig-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"nscd-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"timezone-2.2.5-16.3.90mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-debug-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-devel-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-i18ndata-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-profile-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-static-devel-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"glibc-utils-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"ldconfig-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"nscd-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"timezone-2.3.1-10.1.91mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2019-10-09T19:52:41", "bulletinFamily": "info", "description": "### Overview \n\nSome versions of the [rsync](<http://rsync.samba.org/>) program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.\n\n### Description \n\nrsync is an [open source](<http://www.opensource.org/>) utility that provides fast incremental file transfer. It features the ability to operate as either a client or server when transferring data over a network.\n\nAn integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network. \n \nVersions of the rsync software 2.5.6 and earlier contain this flaw. **Note:** We have received reports of this vulnerability being used to successfully compromise systems. \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of the user running the rsync server, often `root`. \n \n--- \n \n### Solution \n\n**Apply patches** \n \nrsync version 2.5.7 has been released and contains patches to address this vulnerability. \n \nUsers using packaged versions of the rsync software are encouraged to review the vendor information in the Systems Affected section of this document for more details. Users compiling the rsync software from the distribution source code can obtain the patched version from the [rsync homepage](<http://rsync.samba.org/>). 
\n \n--- \n \n**Workarounds**\n\n \nAdministrators, particularly those who are unable to apply the patches in a timely fashion, are encouraged to consider implementing the following workarounds: \n\n\n * Disable the rsync service on systems that do not require it to be running.\n * Filter access to the rsync service. The rsync service normally runs on port `873/tcp`. Limiting access to this port from trusted clients may reduce exposure to this vulnerability. \n--- \n \n### Vendor Information\n\n325603\n\n### __ __ Apple Computer, Inc.\n\nUpdated: January 21, 2004 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nThe following is Apple's response for the Jaguar (MacOS X 10.2.x) product:\n\n[](<https://vince-uploaded.s3.amazonaws.com/static/vulcoord/files/CRDY-5VET4H_attach_APPLE-SA-2003-12-19_Jaguar.asc> \"APPLE-SA-2003-12-19_Jaguar.asc\" ) \n \nThe following is Apple's response for the Panther (MacOS X 10.3.x) product: \n \n[](<https://vince-uploaded.s3.amazonaws.com/static/vulcoord/files/CRDY-5VET4H_attach_APPLE-SA-2003-12-19_Panther.asc> \"APPLE-SA-2003-12-19_Panther.asc\" )\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ Debian Linux\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nDebian Security Advisory DSA 404-1 
security@debian.org \n<http://www.debian.org/security/> Martin Schulze \nDecember 4th, 2003 <http://www.debian.org/security/faq> \n- --------------------------------------------------------------------------` \n \n`Package : rsync \nVulnerability : heap overflow \nProblem-Type : remote \nDebian-specific: no \nCVE ID : CAN-2003-0962` \n \n`The rsync team has received evidence that a vulnerability in all \nversions of rsync prior to 2.5.7, a fast remote file copy program, was \nrecently used in combination with a Linux kernel vulnerability to \ncompromise the security of a public rsync server.` \n \n`While this heap overflow vulnerability could not be used by itself to \nobtain root access on an rsync server, it could be used in combination \nwith the recently announced do_brk() vulnerability in the Linux kernel \nto produce a full remote compromise.` \n \n`Please note that this vulnerability only affects the use of rsync as \nan \"rsync server\". To see if you are running a rsync server you \nshould use the command \"netstat -a -n\" to see if you are listening on \nTCP port 873. If you are not listening on TCP port 873 then you are \nnot running an rsync server.` \n \n`For the stable distribution (woody) this problem has been fixed in \nversion 2.5.5-0.2.` \n \n`For the unstable distribution (sid) this problem has been fixed in \nversion 2.5.6-1.1.` \n \n`However, since the Debian infrastructure is not yet fully functional \nafter the recent break-in, packages for the unstable distribution are \nnot able to enter the archive for a while. Hence they were placed in \nmy home directory on the security machine:` \n \n` <<http://klecker.debian.org/~joey/rsync/>>` \n \n`We recommend that you upgrade your rsync package immediately if you \nare providing remote sync services. 
If you are running testing and \nprovide remote sync services please use the packages for woody.` \n \n \n`Upgrade Instructions \n- --------------------` \n \n`wget url \nwill fetch the file for you \ndpkg -i file.deb \nwill install the referenced file.` \n \n`If you are using the apt-get package manager, use the line for \nsources.list as given below:` \n \n`apt-get update \nwill update the internal database \napt-get upgrade \nwill install corrected packages` \n \n`You may use an automated update by adding the resources from the \nfooter to the proper configuration.` \n \n \n`Debian GNU/Linux 3.0 alias woody \n- --------------------------------` \n \n` Source archives:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.dsc> \nSize/MD5 checksum: 545 466c30b8dac303dc23a4e33bb64710ca \n<http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.diff.gz> \nSize/MD5 checksum: 91526 a81021e1b1b60ae99e3fc95262ca96d6 \n<http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz> \nSize/MD5 checksum: 415156 39d76c62684750842d3884a77c2e5466` \n \n` Alpha architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_alpha.deb> \nSize/MD5 checksum: 227344 b885337ced8ec3c902b4ef43d560cff5` \n \n` ARM architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_arm.deb> \nSize/MD5 checksum: 206240 4e39539b438128912b4d0f4971134eb4` \n \n` Intel IA-32 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_i386.deb> \nSize/MD5 checksum: 199034 50f61c7b8a009767093e36ba68790a7b` \n \n` Intel IA-64 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_ia64.deb> \nSize/MD5 checksum: 255378 886348cd33646fc167da6b1a9cbdc165` \n \n` HP Precision architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_hppa.deb> \nSize/MD5 checksum: 213962 
6057690f85e14d01072ab6a84ad52996` \n \n` Motorola 680x0 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_m68k.deb> \nSize/MD5 checksum: 189620 d3c784bb621d2c7a66a2bd3fa418fad8` \n \n` Big endian MIPS architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mips.deb> \nSize/MD5 checksum: 216122 f22358818b785d4bdb43cc56e0140f0a` \n \n` Little endian MIPS architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mipsel.deb> \nSize/MD5 checksum: 216420 1e40db535e7b1d8340d65f101b2bb60a` \n \n` PowerPC architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_powerpc.deb> \nSize/MD5 checksum: 205436 d4bc1decf806f2102f434875ab4aa66e` \n \n` Sun Sparc architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_sparc.deb> \nSize/MD5 checksum: 205234 510bca72eacacf257b170da8c66b2255` \n \n \n` These files will probably be moved into the stable distribution on \nits next revision.` \n \n`- --------------------------------------------------------------------------------- \nFor apt-get: deb <http://security.debian.org/> stable/updates main \nFor dpkg-ftp: <ftp://security.debian.org/debian-security> dists/stable/updates/main \nMailing list: debian-security-announce@lists.debian.org \nPackage info: `apt-cache show <pkg>' and <http://packages.debian.org/><pkg>` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/z1w+W5ql+IAeqTIRAjA1AKC2+FkwWYUldK/vIazUi5wQkUYUaQCgl0S2 \ncKh+9lGwpAOPnSfTWxs9QgM= \n=EV6V \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 
Feedback>).\n\n### __ FreeBSD, Inc.\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`rsync` is included as a third-party \"port\" in the FreeBSD system. A fix was committed to the FreeBSD ports collection CVS repository on 2003-12-04. FreeBSD users who have installed the `rsync` port are encouraged to update their ports tree and reinstall with the patched version.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ Gentoo Linux\n\nUpdated: August 02, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Gentoo Linux Security Team has released [GLSA-200312-03](<http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ Guardian Digital Inc.\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`+------------------------------------------------------------------------+ \n| Guardian Digital Security Advisory December 04, 2003 | \n| <http://www.guardiandigital.com> ESA-20031204-032 | \n| | \n| Package: rsync | \n| Summary: heap overflow vulnerability | \n+------------------------------------------------------------------------+` \n \n` EnGarde Secure Linux is an enterprise class Linux platform engineered \nto enable corporations to quickly and cost-effectively build a complete \nand secure Internet presence while preventing Internet threats.` \n \n`OVERVIEW \n- -------- \nA heap overflow vulnerability has been discovered in all versions of \nrsync prior to 2.5.7. 
This vulnerability, exploitable when rsync is \nbeing run in \"server mode\", may allow the attacker to run arbitrary \ncode on the compromised server.` \n \n` Guardian Digital has backported these fixes to version 2.4.6.` \n \n` The Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0962 to this issue.` \n \n` Guardian Digital products affected by this issue include:` \n \n` EnGarde Secure Community v1.0.1 \nEnGarde Secure Community v2 \nEnGarde Secure Professional v1.1 \nEnGarde Secure Professional v1.2 \nEnGarde Secure Professional v1.5` \n \n` It is recommended that all users apply this update as soon as possible.` \n \n`SOLUTION \n- -------- \nGuardian Digital Secure Network subscribers may automatically update \naffected systems by accessing their account from within the Guardian \nDigital WebTool.` \n \n` To modify your GDSN account and contact preferences, please go to:` \n \n` <https://www.guardiandigital.com/account/>` \n \n` Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:` \n \n` SRPMS/rsync-2.4.6-1.0.7.src.rpm \nMD5 Sum: 0059b139dce38f237019ae64a5dfbd84` \n \n` i386/rsync-2.4.6-1.0.7.i386.rpm \nMD5 Sum: 3d6cba56a9ccf244f7078cdfc1704b5d` \n \n` i686/rsync-2.4.6-1.0.7.i686.rpm \nMD5 Sum: 68392cd5df92513f75107c037e7c6a29` \n \n`REFERENCES \n- ---------- \nGuardian Digital's public key: \n<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>` \n \n` rsync's Official Web Site: \n<http://rsync.samba.org>` \n \n` Guardian Digital Advisories: \n<http://infocenter.guardiandigital.com/advisories/>` \n \n` Security Contact: security@guardiandigital.com` \n \n`- -------------------------------------------------------------------------- \nAuthor: Ryan W. 
Maple <ryan@guardiandigital.com> \nCopyright 2003, Guardian Digital, Inc.` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux)` \n \n`iD8DBQE/z4wBHD5cqd57fu0RAtoCAKCOn4ObAhwgBnVw/iFSd+Gne8kliACeMrtV \nY2hQtIKhRq9ZZspp/BpPoDc= \n=TrBp \n-----END PGP SIGNATURE----- \n------------------------------------------------------------------------ \nTo unsubscribe email engarde-security-request@engardelinux.org \nwith \"unsubscribe\" in the subject of the message.` \n \n`Copyright(c) 2003 Guardian Digital, Inc. GuardianDigital.com \n------------------------------------------------------------------------`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ Immunix\n\nUpdated: August 02, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Immunix Security Team has published Immunix Secured OS Security Advisory [IMNX-2003-73-001-01](<http://download.immunix.org/ImmunixOS/7.3/Updates/errata/IMNX-2003-73-001-01>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ Mandriva, Inc.\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- --------------------------------------------------------------------------` \n \n`PACKAGE : rsync \nSUMMARY : Fix for remote vulnerability \nDATE : 2003-12-04 18:46:00 \nID : CLA-2003:794 \nRELEVANT \nRELEASES : 8, 9` \n \n`- -------------------------------------------------------------------------` \n \n`DESCRIPTION \n\"rsync\"[1] is a program used mainly to mirror files between remote \nsites. \n \nrsync versions prior to 2.5.7 have a heap buffer overflow \nvulnerability[2] which can be exploited by remote attackers to \nexecute arbitrary code. \n \nThis vulnerability specially affects installations where rsync is \nused as a server/daemon, that is, where it was started with the \n--daemon command line argument. \n \nA new rsync version, 2.5.7, was released by the authors to address \nthis vulnerability.` \n \n \n`SOLUTION \nIt is recommended that all rsync users upgrade their packages. \n \nIMPORTANT: after the update, the rsync server must be restarted \nmanually if it was already running. \n \n \nREFERENCES \n1. <http://rsync.samba.org/> \n2. 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962>` \n \n \n`UPDATED PACKAGES \n<ftp://atualizacoes.conectiva.com.br/8/SRPMS/rsync-2.5.7-5U80_1cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/rsync-2.5.7-5U80_1cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/SRPMS/rsync-2.5.7-13508U90_1cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/rsync-2.5.7-13508U90_1cl.i386.rpm>` \n \n \n`ADDITIONAL INSTRUCTIONS \nThe apt tool can be used to perform RPM packages upgrades:` \n \n` - run: apt-get update \n- after that, execute: apt-get upgrade` \n \n` Detailed instructions reagarding the use of apt and upgrade examples \ncan be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll packages are signed with Conectiva's GPG key. The key and instructions \non how to import it can be found at \n<http://distro.conectiva.com.br/seguranca/chave/?idioma=en> \nInstructions on how to check the signatures of the RPM packages can be \nfound at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n<http://distro.conectiva.com.br/atualizacoes/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nCopyright (c) 2003 Conectiva Inc. 
\n<http://www.conectiva.com>` \n \n`- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`iD8DBQE/z50v42jd0JmAcZARAi28AKC87tMeZ78lZDrz7r2VQ37VLcE3FQCg0639 \n36tHDoREvYy7zxf45fVsP0U= \n=rxDT \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ OpenBSD\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`A heap overflow exists in rsync versions 2.5.6 and below that can \nbe used by an attacker to run arbitrary code. The bug only affects \nrsync in server (daemon) mode and occurs *after* rsync has dropped \nprivileges. By default, server will chroot(2) to the root of the \nfile tree being served which significantly mitigates the impact of \nthe bug. Installations that disable this behavior by placing \"use \nchroot = no\" in rsyncd.conf are vulnerable to attack. \n`\n\n`Sites that do run rsync in server mode should update their rsync \npackage as soon as possible. The rsync port has been updated in \nthe 3.3 and 3.4 -stable branches and a new binary package has been \nbuilt for OpenBSD 3.4/i386. 
It can be downloaded from: \n` \n`<ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz>`` \n` \n`For more information on the bug, see: \n` \n`<http://rsync.samba.org/>`` \n` \n`For more information on packages errata, see: \n` \n`<http://www.openbsd.org/pkg-stable.html>`` \n`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ OpenPKG\n\nUpdated: August 02, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG Security Team has released [OpenPKG-SA-2003.051](<http://www.openpkg.org/security/OpenPKG-SA-2003.051-rsync.txt>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ SCO\n\nUpdated: August 02, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe SCO Group has released SCO Security Advisory [CSSA-2004-010.0](<ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-010.0.txt>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ SGI\n\nUpdated: January 21, 2004 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----`\n\n`______________________________________________________________________________ \nSGI Security Advisory` \n \n` Title : SGI Advanced Linux Environment security update #6 \nNumber : 20031202-01-U \nDate : December 10, 2003 \nReference : Red Hat Advisory RHSA-2003:399-06, CAN-2003-0962 \nFixed in : Patch 10037 for SGI ProPack v2.3 \n______________________________________________________________________________` \n \n`SGI provides this information freely to the SGI user community for its \nconsideration, interpretation, implementation and use. SGI recommends that \nthis information be acted upon as soon as possible.` \n \n`SGI provides the information in this Security Advisory on an \"AS-IS\" basis \nonly, and disclaims all warranties with respect thereto, express, implied \nor otherwise, including, without limitation, any warranty of merchantability \nor fitness for a particular purpose. In no event shall SGI be liable for \nany loss of profits, loss of business, loss of data or for any indirect, \nspecial, exemplary, incidental or consequential damages of any kind arising \nfrom your use of, failure to use or improper use of any of the instructions \nor information in this Security Advisory. 
\n______________________________________________________________________________` \n \n`- -------------- \n- --- Update --- \n- --------------` \n \n`SGI has released Patch 10037: SGI Advanced Linux Environment security \nupdate #6, which includes updated RPMs for SGI ProPack v2.3 for the Altix \nfamily of systems, in response to the following erratas released by Red Hat:` \n \n` New rsync packages fix remote security vulnerability \n<http://rhn.redhat.com/errata/RHSA-2003-399.html>` \n \n`Patch 10037 is available from <http://support.sgi.com/> and \n<ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/>` \n \n`The individual RPMs from Patch 10037 are available from: \n<ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/RPMS> \n<ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/SRPMS>` \n \n \n`- ------------- \n- --- Links --- \n- -------------` \n \n`SGI Security Advisories can be found at: \n<http://www.sgi.com/support/security/> and \n<ftp://patches.sgi.com/support/free/security/advisories/>` \n \n`Red Hat Errata: Security Alerts, Bugfixes, and Enhancements \n<http://www.redhat.com/apps/support/errata/>` \n \n`SGI Advanced Linux Environment security updates can found on: \n<ftp://oss.sgi.com/projects/sgi_propack/download/>` \n \n`SGI patches can be found at the following patch servers: \n<http://support.sgi.com/>` \n \n`The primary SGI anonymous FTP site for security advisories and \nsecurity patches is <ftp://patches.sgi.com/support/free/security/>` \n \n \n`- ----------------------------------------- \n- --- SGI Security Information/Contacts --- \n- -----------------------------------------` \n \n`If there are questions about this document, email can be sent to \nsecurity-info@sgi.com.` \n \n` ------oOo------` \n \n`SGI provides security information and patches for use by the entire SGI \ncommunity. 
This information is freely available to any person needing the \ninformation and is available via anonymous FTP and the Web.` \n \n`The primary SGI anonymous FTP site for security advisories and patches is \npatches.sgi.com. Security advisories and patches are located under the URL \n<ftp://patches.sgi.com/support/free/security/>` \n \n`The SGI Security Headquarters Web page is accessible at the URL: \n<http://www.sgi.com/support/security/>` \n \n`For issues with the patches on the FTP sites, email can be sent to \nsecurity-info@sgi.com.` \n \n`For assistance obtaining or working with security patches, please \ncontact your SGI support provider.` \n \n` ------oOo------` \n \n`SGI provides a free security mailing list service called wiretap and \nencourages interested parties to self-subscribe to receive (via email) all \nSGI Security Advisories when they are released. Subscribing to the mailing \nlist can be done via the Web \n(<http://www.sgi.com/support/security/wiretap.html>) or by sending email to \nSGI as outlined below.` \n \n`% mail wiretap-request@sgi.com \nsubscribe wiretap < YourEmailAddress such as midwatch@sgi.com > \nend \n^d` \n \n`In the example above, <YourEmailAddress> is the email address that you wish \nthe mailing list information sent to. The word end must be on a separate \nline to indicate the end of the body of the message. The control-d (^d) is \nused to indicate to the mail program that you are finished composing the \nmail message.` \n \n \n` ------oOo------` \n \n`SGI provides a comprehensive customer World Wide Web site. This site is \nlocated at <http://www.sgi.com/support/security/> .` \n \n` ------oOo------` \n \n`If there are general security questions on SGI systems, email can be sent to \nsecurity-info@sgi.com.` \n \n`For reporting *NEW* SGI security issues, email can be sent to \nsecurity-alert@sgi.com or contact your SGI support provider. 
A support \ncontract is not required for submitting a security report.` \n \n`______________________________________________________________________________ \nThis information is provided freely to all interested parties \nand may be redistributed provided that it is not altered in any \nway, SGI is appropriately credited and the document retains and \nincludes its valid PGP signature.` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: 2.6.2` \n \n`iQCVAwUBP9dSdLQ4cFApAP75AQEpvwP/VUYN6tEWVK47JO90wYp/eGobWry029x4 \nbrCSObwxcogBJhmUlc/ertL6UDAVoE99cC9Q6xqcSROw+SqAQvOs0ak0vyxEJLqR \nSY/Qlzh0RqWtw+dnCfrHd+NNlMbhg1wol9iYGFcYfvs9zq/9g7DGghZY6limDQTr \nJEGOtCeFyGA= \n=VZhA \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ SUSE Linux\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----`\n\n`______________________________________________________________________________` \n \n` SUSE Security Announcement` \n \n` Package: rsync \nAnnouncement-ID: SuSE-SA:2003:050 \nDate: Thursday, Dec 4th 2003 14:30 MET \nAffected products: 7.3, 8.0, 8.1, 8.2, 9.0 \nSuSE Linux Database Server, \nSuSE eMail Server III, 3.1 \nSuSE Linux Enterprise Server 7, 8 \nSuSE Linux Firewall on CD/Admin host \nSuSE Linux Connectivity Server \nSuSE Linux Office Server \nVulnerability Type: local privilege escalation \nSeverity (1-10): 4 \nSUSE default package: no \nCross References: CAN-2003-0962` \n \n` Content of this advisory: \n1) security vulnerability resolved: heap overflow \nproblem description, discussion, solution and upgrade information \n2) pending vulnerabilities, solutions, 
workarounds: \n- discontinue of SuSE Linux 7.3 \n- KDE \n- mc \n- apache \n- screen \n- mod_gzip \n- unace \n3) standard appendix (further information)` \n \n`______________________________________________________________________________` \n \n`1) problem description, brief discussion, solution, upgrade information` \n \n` The rsync suite provides client and server tools to easily support an \nadministrator keeping the files of different machines in sync. \nIn most private networks the rsync client tool is used via SSH to fulfill \nits tasks. In an open environment rsync is run in server mode accepting \nconnections from many untrusted hosts with, but mostly without, \nauthentication. \nThe rsync server drops its root privileges soon after it was started and \nper default creates a chroot environment. \nDue to insufficient integer/bounds checking in the server code a heap \noverflow can be triggered remotely to execute arbitrary code. This code \ndoes not get executed as root and access is limited to the chroot \nenvironment. The chroot environment may be broken afterwards by abusing \nfurther holes in system software or holes in the chroot setup.` \n \n` You are not vulnerable as long as you do not use rsync in server mode \nor you use authentication to access the rsync server.` \n \n` As a temporary workaround you can disable access to your rsync server for \nuntrusted parties, enable authentication or switch back to rsync via SSH.` \n \n` Please download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the package using the command \"rpm -Fhv file.rpm\" to apply \nthe update. \nOur maintenance customers are being notified individually. 
The packages \nare being offered to install from the maintenance web.` \n \n \n \n` Intel i386 Platform:` \n \n` SuSE-9.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/rsync-2.5.6-193.i586.rpm> \ne848708286572c8a793819e5a358274a \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/rsync-2.5.6-193.i586.patch.rpm> \nd70f7726a2c8850a8c085bdbe9afbf27 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/rsync-2.5.6-193.src.rpm> \n45e14417a64704fcee1dfea390a5b3f6` \n \n` SuSE-8.2: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/rsync-2.5.6-193.i586.rpm> \n341d1da31000831d994e48d0714b576d \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/rsync-2.5.6-193.i586.patch.rpm> \nd94f1a84fc07e92dfc87471f909314c9 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/rsync-2.5.6-193.src.rpm> \n16b19cc2331ff577f2d1f9e116e74625` \n \n` SuSE-8.1: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/rsync-2.5.5-258.i586.rpm> \n28799a5950666eb7f104e2831575fb3c \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/rsync-2.5.5-258.i586.patch.rpm> \n02557d2de1dc27ffd97845ebabb336b6 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/rsync-2.5.5-258.src.rpm> \n6a7cd73509acf3cca12d9a4f4b3aec98` \n \n` SuSE-8.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/rsync-2.4.6-499.i386.rpm> \ncf9fde4bcf1f3af3e3c5ae6bf5ceba85 \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/rsync-2.4.6-499.i386.patch.rpm> \n0a61425e9bb345fe73e42926408257cb \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/rsync-2.4.6-499.src.rpm> \nd5c29841ff1f387cb003c359eee868df` \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/rsync-2.4.6-499.i386.rpm> \n67b2400ee15d739e75a1463db7d003ca \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/rsync-2.4.6-499.src.rpm> \nececccdf316a4d98c66315fc560eb9b1` \n \n \n \n` Sparc 
Platform:` \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/rsync-2.4.6-190.sparc.rpm> \nbd408eb2cfe82206439c78a1fbaecf60 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/rsync-2.4.6-190.src.rpm> \ne500422c7cf0dc39c6bb3cf2445d9998` \n \n \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/rsync-2.4.6-309.ppc.rpm> \n7eebb018bce237a4f351f5e00761ead1 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/rsync-2.4.6-309.src.rpm> \n2dd16900d70cbf06454dcd52b822a0ae` \n \n`______________________________________________________________________________` \n \n`2) Pending vulnerabilities in SUSE Distributions and Workarounds:` \n \n` - discontinue of SuSE Linux 7.3 \nTwo years after the release, SUSE will discontinue providing updates \nand security fixes for the SuSE Linux 7.3 consumer product on the \nIntel i386 and the PPC Power PC architectures. Vulnerabilities found \nafter December 15th 2003 will not be fixed any more for SuSE Linux \n7.3. \nDirectory structures referring to the SuSE Linux 7.3 release will be \nmoved to the discontinued/ tree on our main ftp server ftp.suse.com \nthe distribution directories first, followed by the update/ directory \ntree in January 2004. \nPlease note that our SuSE Linux Enterprise Server family products have \na much longer support period. These products are not concerned by this \nannouncement.` \n \n` - KDE \nNew KDE packages are currently being tested. These packages fixes \nseveral vulnerabilities: \n+ remote root compromise (CAN-2003-0690) \n+ weak cookies (CAN-2003-0692) \n+ SSL man-in-the-middle attack \n+ information leak through HTML-referrer (CAN-2003-0459) \n+ wrong file permissions of config files \nThe packages will be release as soon as testing is finished.` \n \n` - mc \nBy using a special combination of links in archive-files it is possible \nto execute arbitrary commands while mc tries to open it in its VFS. 
\nThe packages are currently tested and will be release as soon as \npossible.` \n \n` - apache1/2 \nThe widely used HTTP server apache has several security vulnerabilities: \n- locally exploitable buffer overflow in the regular expression code. \nThe attacker must be able to modify .htaccess or httpd.conf. \n(affects: mod_alias and mod_rewrite) \n- under some circumstances mod_cgid will output its data to the \nwrong client (affects: apache2) \nUpdate packages are available on our FTP servers.` \n \n` - freeradius \nTwo vulnerabilities were found in the FreeRADIUS package. \nThe remote denial-of-service attack bug was fixed and new packages \nwill be released as soon as testing was successfully finished. \nThe other bug is a remote buffer overflow in the module rlm_smb. \nWe do not ship this module and will fix it for future releases.` \n \n` - screen \nA buffer overflow in screen was reported. Since SuSE Linux 8.0 \nwe do not ship screen with the s-bit anymore. An update package \nwill be released for 7.3 as soon as possible.` \n \n` - mod_gzip \nThe apache module mod_gzip is vulnerable to remote code execution \nwhile running in debug-mode. We do not ship this module in debug-mode \nbut future versions will include the fix. \nAdditionally the mod_gzip code was audited to fix more possible security \nrelated bugs.` \n \n` - unace \nThe tool unace for handling the archive format ACE is vulnerable to \na buffer overflow that can be triggered with long file-names as command \nline argument. This only affects unace version 2.5. Unfortunately this \ntool is provided closed source only from the author. Therefore we are \nunable to check for other bugs or look at the patch. \nUpdate packages are available from our FTP servers. 
\n \n______________________________________________________________________________` \n \n`3) standard appendix: authenticity verification, additional information` \n \n` - Package authenticity verification:` \n \n` SUSE update packages are available on many mirror ftp servers all over \nthe world. While this service is being considered valuable and important \nto the free and open source software community, many users wish to be \nsure about the origin of the package and its content before installing \nthe package. There are two verification methods that can be used \nindependently from each other to prove the authenticity of a downloaded \nfile or rpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package.` \n \n` 1) execute the command \nmd5sum <name-of-the-file.rpm> \nafter you downloaded the file from a SUSE ftp server or its mirrors. \nThen, compare the resulting md5sum with the one that is listed in the \nannouncement. Since the announcement containing the checksums is \ncryptographically signed (usually using the key security@suse.de), \nthe checksums show proof of the authenticity of the package. \nWe disrecommend to subscribe to security lists which cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless.` \n \n` 2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command \nrpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. 
Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites: \na) gpg is installed \nb) The package is signed using a certain key. The public part of this \nkey must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SUSE in rpm packages for SUSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root): \ngpg --batch; gpg < announcement.txt | gpg --import \nSUSE Linux distributions version 7.1 and thereafter install the` \n` key \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at <ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de> .` \n \n \n` - SUSE runs two security mailing lists to which any interested party may \nsubscribe:` \n \n` suse-security@suse.com \n- general/linux/SUSE security discussion. \nAll SUSE security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-subscribe@suse.com>.` \n \n` suse-security-announce@suse.com \n- SUSE's announce-only mailing list. \nOnly SUSE's security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-announce-subscribe@suse.com>.` \n \n` For general information or the frequently asked questions (faq) \nsend mail to: \n<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively.` \n \n` ===================================================================== \nSUSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. 
\n===================================================================== \n______________________________________________________________________________` \n \n` The information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. In particular, \nit is desired that the clear-text signature shows proof of the \nauthenticity of the text. \nSUSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory.` \n \n`Type Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>` \n \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff \n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d \nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO \nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK \nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE \nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd \nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM \nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE \nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr \nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD \nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d \nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe \nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe \nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t \nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU \nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3` \n`0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 
\n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW \ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E \nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f \nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E \nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ \nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h \nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT \ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM \n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q \n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 \nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw \nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ \n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH \nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 \nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY` \n`EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol \n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK \nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co \nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo \nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt \nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J \n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE \nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf \nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT \nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 \nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ \n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb \nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X \n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 
\n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj \nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p` \n`WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL \nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG \nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ \nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi \nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 \nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM \n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 \nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl \nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz \ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI \nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI \nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= \n=LRKC \n- -----END PGP PUBLIC KEY BLOCK-----` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux)` \n \n`iQEVAwUBP89p3ney5gA9JdPZAQEHywf7BVUbgRFR++QVCq2qt8930XR1OH0XbLkf \noUhKnhyC025asQHEe0mF9PYFXIz5s+vFwYWVP68qheAvmQic2HH4qotv29wdSIP7 \nEXb8ilGcdDGnaZLaFk6473O1TV2vT/JMYB3RGYnnsDV+PXCDrzc5vL29IUjlpaFA \nIC+B1Y5nhMCpIRQ5NBnWBx+u00QPS44mXLZmHHtaj+60rSuIjv2n63sNg1jhXczL \nlja5Y3hNOLzuLJyPv62n4LffGCPdXk9deMyxOfkl8RBfu+Q0PEJmKD18PQOyPRjE \n1hdMdBgwEz8BAbgr5YaNllKn1a09KV7TzlB+KbY02M8XTGnGd+MFUw== \n=mvKr \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ Slackware\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: 
SHA1`\n\n`[slackware-security] rsync security update (SSA:2003-337-01)` \n \n`Rsync is a file transfer client and server.` \n \n`A security problem which may lead to unauthorized machine access \nor code execution has been fixed by upgrading to rsync-2.5.7. \nThis problem only affects machines running rsync in daemon mode, \nand is easier to exploit if the non-default option \"use chroot = no\" \nis used in the /etc/rsyncd.conf config file.` \n \n`Any sites running an rsync server should upgrade immediately.` \n \n`For complete information, see the rsync home page:` \n \n` <http://rsync.samba.org>` \n \n`Here are the details from the Slackware 9.1 ChangeLog: \n+--------------------------+ \nWed Dec 3 22:18:35 PST 2003 \npatches/packages/rsync-2.5.7-i486-1.tgz: Upgraded to rsync-2.5.7. \nFrom the rsync-2.5.7-NEWS file: \nSECURITY: \n* Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul \nRussell, Andrea Barisani) \nThe vulnerability affects sites running rsync in daemon mode (rsync \nservers). These sites should be upgraded immediately. 
\n(* Security fix *) \n+--------------------------+` \n \n \n`WHERE TO FIND THE NEW PACKAGE: \n+-----------------------------+` \n \n`Updated package for Slackware 8.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.5.7-i386-1.tgz>` \n \n`Updated package for Slackware 9.0: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.5.7-i386-1.tgz>` \n \n`Updated package for Slackware 9.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.5.7-i486-1.tgz>` \n \n`Updated package for Slackware -current: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.5.7-i486-1.tgz>` \n \n \n`MD5 SIGNATURES: \n+-------------+` \n \n`Slackware 8.1 package: \n9adcdfaeca3022204bc1bef1d97802cf rsync-2.5.7-i386-1.tgz` \n \n`Slackware 9.0 package: \n12788c9af15174c683ada4c5e5746372 rsync-2.5.7-i386-1.tgz` \n \n`Slackware 9.1 package: \n38d40a65d526f92c41ff72afae74e546 rsync-2.5.7-i486-1.tgz` \n \n`Slackware -current package: \n3f68fa78c6d095da4269e27806596d48 rsync-2.5.7-i486-1.tgz` \n \n \n`INSTALLATION INSTRUCTIONS: \n+------------------------+` \n \n`If you're running rsync as a daemon, kill it:` \n \n`# killall rsync` \n \n`Then, upgrade the package:` \n \n`# upgradepkg rsync-2.5.7-i486-1.tgz` \n \n`Finally, restart the rsync daemon:` \n \n`# rsync --daemon` \n \n \n`+-----+` \n \n`Slackware Linux Security Team \n<http://slackware.com/gpg-key> \nsecurity@slackware.com` \n \n`+------------------------------------------------------------------------+ \n| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | \n+------------------------------------------------------------------------+ \n| Send an email to majordomo@slackware.com with this text in the body of | \n| the email message: | \n| | \n| unsubscribe slackware-security | \n| | \n| You will get a confirmation message back. Follow the instructions to | \n| complete the unsubscription. 
Do not reply to this message to | \n| unsubscribe! | \n+------------------------------------------------------------------------+` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/zuYUakRjwEAQIjMRAv8BAJ4mBp2BLFrk2Uw6qYbQyzZGWxDAhQCeK717 \nXvGEot5Waqq4pwafZ2dw3Lc= \n=ddu3 \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ Trustix Secure Linux\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2003-0048` \n \n`Package name: rsync \nSummary: remote code execution \nDate: 2003-12-04 \nAffected versions: TSL 1.2, 1.5, 2.0` \n \n`- -------------------------------------------------------------------------- \nPackage description: \nRsync uses a quick and reliable algorithm to very quickly bring \nremote and host files into sync. Rsync is fast because it just \nsends the differences in the files over the network (instead of \nsending the complete files). Rsync is often used as a very powerful \nmirroring process or just as a more capable replacement for the \nrcp command. A technical report which describes the rsync algorithm \nis included in this package.` \n \n`Problem description: \nAll versions of rsync prior to 2.5.7 contains a heap overflow that can \nbe used to exceute arbitary code from remote. 
\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0962 to this issue.` \n \n`Action: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system.` \n \n \n`Location: \nAll TSL updates are available from \n<URI:<http://http.trustix.org/pub/trustix/updates/>> \n<URI:<ftp://ftp.trustix.org/pub/trustix/updates/>>` \n \n \n`About Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater.` \n \n \n`Automatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'.` \n \n \n`Public testing: \nThese packages have been available for public testing for some time. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailing list. \nThe testing tree is located at \n<URI:<http://tsldev.trustix.org/cloud/>>` \n \n` You may also use swup for public testing of updates: \n \nsite { \nclass = 0 \nlocation = \"<http://tsldev.trustix.org/cloud/rdfs/latest.rdf>\" \nregexp = \".*\" \n} \n` \n \n`Questions? \nCheck out our mailing lists: \n<URI:<http://www.trustix.org/support/>>` \n \n \n`Verification: \nThis advisory along with all TSL packages are signed with the TSL sign key. 
\nThis key is available from: \n<URI:<http://www.trustix.org/TSL-SIGN-KEY>>` \n \n` The advisory itself is available from the errata pages at \n<URI:<http://www.trustix.org/errata/trustix-1.2/>>, \n<URI:<http://www.trustix.org/errata/trustix-1.5/>> and \n<URI:<http://www.trustix.org/errata/trustix-2.0/>> \nor directly at \n<URI:<http://www.trustix.org/errata/misc/2003/TSL-2003-0048-rsync.asc.txt>>` \n \n \n`MD5sums of the packages: \n- -------------------------------------------------------------------------- \nff92f850103caec5566d3037005be1cc ./1.2/rpms/rsync-2.5.7-1tr.i586.rpm \nc96460c2df73f6f28e86676f0087eed7 ./1.2/srpms/rsync-2.5.7-1tr.src.rpm \n24f991051c4d7dc7287770a999c91cfe ./1.5/rpms/rsync-2.5.7-1tr.i586.rpm \nc96460c2df73f6f28e86676f0087eed7 ./1.5/srpms/rsync-2.5.7-1tr.src.rpm \nd74d3a08933b4d22439bc08cf435cec9 ./2.0/rpms/rsync-2.5.7-1tr.i586.rpm \n1547e73b44c4ee2df24f28b67a229666 ./2.0/rpms/rsync-server-2.5.7-1tr.i586.rpm \n406331367957dd7f9ddfe56dc8177580 ./2.0/srpms/rsync-2.5.7-1tr.src.rpm \n- --------------------------------------------------------------------------` \n \n \n`TSL Security Team` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux)` \n \n`iD8DBQE/zwVBi8CEzsK9IksRArM6AKCaystKuJ7umB1LFxzcZGHVMu2VWwCgmJ0L \nLWHTlBr0+2jA31dQuVUoOIk= \n=huAV \n-----END PGP SIGNATURE----- \n`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### __ __ TurboLinux\n\nUpdated: December 08, 2003 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`This is an announcement only email list for the x86 architecture. 
\n============================================================ \nTurbolinux Security Announcement 06/Dec/2003 \n============================================================` \n \n`The following page contains the security information of Turbolinux Inc.` \n \n` - Turbolinux Security Center \n<http://www.turbolinux.com/security/>` \n \n` (1) glibc -> Multiple vulnerabilities in glibc \n(2) rsync -> Heap overflow` \n \n \n`=========================================================== \n* glibc -> Multiple vulnerabilities in glibc \n===========================================================` \n \n` More information : \nThe glibc package contains the standard C libraries used by applications.` \n \n` When a user is a member of a large number of groups,the getgrouplist function in \nglibc allows attackers to cause a denial of service (segmentation fault) \nand execute arbitrary code.` \n \n` Impact : \nThis may allow attackers to cause a denial of service or execute arbitrary code.` \n \n` Affected Products : \n- Turbolinux 8 Server \n- Turbolinux 8 Workstation \n- Turbolinux 7 Server \n- Turbolinux 7 Workstation` \n \n` Solution : \nPlease use turbopkg(zabom) tool to apply the update. 
\n--------------------------------------------- \n# turbopkg \nor \n# zabom update glibc glibc-devel glibc-profile mtrace nscd \n---------------------------------------------` \n \n \n` <Turbolinux 8 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/glibc-2.2.5-17.src.rpm> \n15681872 c5f6718068cad57d328e9cbb99cfc5c2` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-2.2.5-17.i586.rpm> \n10948308 e978c66d70ed23c1d37f3cf58fa1d7dd \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm> \n3087284 027379201c146b8652691fa5fb407fb8 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm> \n793319 2b825226d3e4628c4fc5a13d028dc42f \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm> \n26289 3b7e3b3ee9fdad443214abc22ff011a3 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nscd-2.2.5-17.i586.rpm> \n33180 2811c092ec2fed1a278f29d6f5393122` \n \n` <Turbolinux 8 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/glibc-2.2.5-17.src.rpm> \n15681872 0ae07774f7aed8ddceda091ad1aa59eb` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-2.2.5-17.i586.rpm> \n10943475 e3ae6e493dae31c06d04de1e5ef24a5b \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm> \n3088889 7bdde2a4805a408ec20b5b6c983c20b7 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm> \n793449 8eb226d87491ab3d2b22e50a978900be 
\n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm> \n26291 d9d5ee64fff9b612203b7b6629d95022 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/nscd-2.2.5-17.i586.rpm> \n33125 5f91d450345639e2f4629005305d401d` \n \n` <Turbolinux 7 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/glibc-2.2.4-13.src.rpm> \n13582169 668c9eb6ddb16b219cbe155edf9a6ca1` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-2.2.4-13.i586.rpm> \n11310068 ebd5c4c08b7e50bafbd79b57801cccdd \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm> \n6293426 b0b9308e04c0314f4130617e89f60017 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm> \n4125526 818098cc38a84b39204504e36bc79761 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm> \n15377 4de531b6fda1b23c28d91477eb8f4124 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/nscd-2.2.4-13.i586.rpm> \n31236 d5fbda6a59e9fc074a3df3ac378907b2` \n \n` <Turbolinux 7 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/glibc-2.2.4-13.src.rpm> \n13582169 b0e8e76f424bd3bd2cd2a94dd37d0dcd` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-2.2.4-13.i586.rpm> \n11308991 b5f5f6887dc9a8aaa4e118c6c8ff22e6 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm> \n6292725 b4e5f9a07c55ff55845a2aa4dbfd5a7f 
\n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm> \n4125536 32c7053ca33d15f10c655b3e1262a769 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm> \n15385 5d042786c08b9336fe73fe4c7c69367b \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/nscd-2.2.4-13.i586.rpm> \n31243 fae888249da3141a18336aa8a5f6da60` \n \n \n` References :` \n \n` CVE \n[CAN-2003-0689] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689> \n[CAN-2003-0859] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0859>` \n \n \n`=========================================================== \n* rsync -> Heap overflow \n===========================================================` \n \n`More information : \nrsync uses the \"rsync algorithm\" which provides a very fast method for \nbringing remote files into sync. It does this by sending just the \ndifferences in the files across the link, without requiring that both \nsets of files are present at one of the ends of the link beforehand. \nRsync version 2.5.6 and earlier contains a heap overflow vulnerability \nthat can be used to remotely run arbitrary code.` \n \n` Please note that this vulnerability only affects the use of rsync as a \"rsync server\". ` \n \n` Impact : \nThis vulnerability may allow remote third party to gain the root privileges.` \n \n` Affected Products : \n- Turbolinux 10 Desktop \n- Turbolinux 8 Server \n- Turbolinux 8 Workstation \n- Turbolinux 7 Server \n- Turbolinux 7 Workstation \n- Turbolinux Server 6.5 \n- Turbolinux Advanced Server 6 \n- Turbolinux Server 6.1 \n- Turbolinux Workstation 6.0` \n \n` Solution : \nPlease use turbopkg(zabom) tool to apply the update. 
\n--------------------------------------------- \n# turbopkg \nor \nzabom-1.x \n# zabom update rsync \nzabom-2.x \n# zabom -u rsync \n---------------------------------------------` \n \n \n` <Turbolinux 10 Desktop>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 499768bcd5851f5dede0a9aaed9f67fd` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n142068 fba3ab5d577b7eab1818c3d41e6ce13d` \n \n` <Turbolinux 8 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 d4c79a6aba4e8a7b17d8940d6b6e1f87` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n140316 10b89f1b0c3db89ee56dc9b735b4effa` \n \n` <Turbolinux 8 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 5b521abb17456fadded17f054bd9a5b4` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n140308 6c9f1e54680ea18d6c885fb1bfe8d924` \n \n` <Turbolinux 7 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 da512bcc0862905542870ede94d4518c` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n136728 fe9fd94d15842c3e6344811501329205` \n \n` <Turbolinux 7 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` 
<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 e7e10e4efe32ed6d0308c332b11df197` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n136761 10f48e8a8ffa4fe9318f277767ad03ed` \n \n` <Turbolinux Server 6.5>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 83ded0d90cde0b0a5e1376e468faaa42` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136619 b8186c802c41974daf566bc01fbd9e9b` \n \n` <Turbolinux Advanced Server 6>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 c0bd7ffb38fff1d788ae7056915acb28` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136611 f6fb180f6652671a6f2627065d2c40cd` \n \n` <Turbolinux Server 6.1>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 80d975cc6e84edb7da14d8566e4b7fe0` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136599 70d6d5c3e4a227803ea48a2be5af324b` \n \n` <Turbolinux Workstation 6.0>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 081ea78c2a4f089c452fe0a5094b68fa` \n \n` Binary Packages \nSize : MD5` \n \n` 
<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136607 519b6825e9f917487a8c884b5b1a9006` \n \n \n` References :` \n \n` rsync \n<http://rsync.samba.org/>` \n \n` CVE \n[CAN-2003-0962] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962>` \n \n \n` * You may need to update the turbopkg tool before applying the update. \nPlease refer to the following URL for detailed information.` \n \n` <http://www.turbolinux.com/download/zabom.html> \n<http://www.turbolinux.com/download/zabomupdate.html>` \n \n`Package Update Path \n<http://www.turbolinux.com/update>` \n \n`============================================================ \n* To obtain the public key` \n \n`Here is the public key` \n \n` <http://www.turbolinux.com/security/>` \n \n` * To unsubscribe from the list` \n \n`If you ever want to remove yourself from this mailing list, \nyou can send a message to <server-users-e-ctl@turbolinux.co.jp> with \nthe word `unsubscribe' in the body (don't include the quotes).` \n \n`unsubscribe` \n \n` * To change your email address` \n \n`If you ever want to chage email address in this mailing list, \nyou can send a message to <server-users-e-ctl@turbolinux.co.jp> with \nthe following command in the message body:` \n \n` chaddr 'old address' 'new address'` \n \n`If you have any questions or problems, please contact \n<supp_info@turbolinux.co.jp>` \n \n`Thank you!` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/0M/DK0LzjOqIJMwRAr7wAJ9uc2XNZGeh6lqS+pKIlIjmjCsLaQCePJvs \nuZ4pje67NlW5ogxnIjemsmk= \n=ZogU \n-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 
Feedback>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html>\n * <http://www.secunia.com/advisories/10353/>\n * <http://www.secunia.com/advisories/10354/>\n * <http://www.secunia.com/advisories/10355/>\n * <http://www.secunia.com/advisories/10356/>\n * <http://www.secunia.com/advisories/10357/>\n * <http://www.secunia.com/advisories/10358/>\n * <http://www.secunia.com/advisories/10359/>\n * <http://www.secunia.com/advisories/10360/>\n * <http://www.secunia.com/advisories/10361/>\n * <http://www.secunia.com/advisories/10362/>\n * <http://www.secunia.com/advisories/10363/>\n * <http://www.secunia.com/advisories/10364/>\n * <http://www.secunia.com/advisories/10378/>\n * <http://www.secunia.com/advisories/10474/>\n\n### Acknowledgements\n\nTimo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0962](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0962>) \n---|--- \n**Severity Metric:** | 29.40 \n**Date Public:** | 2003-10-03 \n**Date First Published:** | 2003-12-09 \n**Date Last Updated:** | 2006-05-01 19:33 UTC \n**Document Revision:** | 28 \n", "modified": "2006-05-01T19:33:00", "published": "2003-12-09T00:00:00", "id": "VU:325603", "href": "https://www.kb.cert.org/vuls/id/325603", "type": "cert", "title": "Integer overflow vulnerability in rsync", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}