Immunix OS Security update for lots of temp file problems

2001-01-11T00:00:00
ID SECURITYVULNS:DOC:1148
Type securityvulns
Reporter Securityvulns
Modified 2001-01-11T00:00:00

Description


    Immunix OS Security Advisory Summary

Date:         January 10, 2000
Advisory ID:  IMNX-2000-70-028-01
Author:       Greg Kroah-Hartman <greg@wirex.com>


In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a large number of potential temp file race problems in lots of different programs. These came to light because of the "new" linker warning that glibc emits whenever mktemp(), tempname() or other insecure temp file generation functions are used.

This summary message covers the 12 different packages we have released updates for, in order to cut down on the number of separate email messages people receive.

The packages and versions affected are:

    apache 1.3.14 and also 2.0a9, the htpasswd and htdigest helper programs
    tcpdump arpwatch version 2.1a4
    squid 2.3 STABLE and 2.4
    linuxconf 1.19r through 1.23r, the vpop3d program
    mgetty 1.1.22 and 1.1.23
    gpm 1.19.3
    wu-ftpd 2.6.1, the privatepw program
    inn 2.2.3
    diffutils 2.7, the sdiff program
    getty_ps 2.0.7j
    rdist 6.1.5
    shadow-utils 19990827 and 20000902, the useradd program

Note that Immunix Linux 7.0 is based on RedHat 7.0, so it is also affected by all of these same problems. Other Linux distros are also probably affected by some of these problems.

If anyone wants the specific patch used to fix these problems, or wants a more detailed explanation of any of the problems, please feel free to ask me.

Thanks go out to Steve Beattie, Chris Wright and Matt Barringer, who all did audits and helped with the patches. And to our boss, Crispin Cowan, for working to convince WireX management that it was worth our time to help fix these problems. Also a big thanks to all of the maintainers who responded so quickly with patches and were willing to listen to potential problems (the mgetty author, Gert Doering, deserves a special thanks for being so helpful in fixing stuff).

And I don't think this is the last of the temp file creation problem by any means :)

Online versions of all Immunix 7.0-beta updates and advisories can be found at http://www.immunix.org/ImmunixOS/7.0-beta/updates/

More details:


Packages updated:   apache
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1308
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-016-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the apache helper programs, htdigest and htpasswd. We notified the apache development team but never received a response.

Packages have been created and released for Immunix 7.0 beta to fix these problems.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/apache-1.3.14-3_StackGuard_5.src.rpm

md5sums of the packages:

f7cf8f975ae0d9700ab275040b59168a  apache-1.3.14-3_StackGuard_5.i386.rpm
52d8c4b1e793aad728d4ef89223cf2b2  apache-devel-1.3.14-3_StackGuard_5.i386.rpm
55b4d805b6004795143d40ba3dad85b8  apache-manual-1.3.14-3_StackGuard_5.i386.rpm
7b760f570e40ca35ad46d9c4171e64b9  mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
00dfbcd0d515a70c761ac2e362aae56a  apache-1.3.14-3_StackGuard_5.src.rpm


Packages updated:   arpwatch
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1309
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-017-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the arpwatch program, which is part of the tcpdump package. This problem had already been fixed in a more recent version of the arpwatch program.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/arpwatch-2.1a10-29_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/libpcap-0.4-29_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/tcpdump-3.4-29_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/tcpdump-3.4-29_StackGuard_2.src.rpm

md5sums of the packages:

0dbf7ba916618809d9e6cecd48a74e42  arpwatch-2.1a10-29_StackGuard_2.i386.rpm
16554cd2e79f2adc5221cd2edaeacfdc  libpcap-0.4-29_StackGuard_2.i386.rpm
2a8f01d35f934ad2d0a32bb7cfa4862e  tcpdump-3.4-29_StackGuard_2.i386.rpm
ac2c2043e98c42a14f0dc057cb65db49  tcpdump-3.4-29_StackGuard_2.src.rpm


Packages updated:   squid
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1310
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-018-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the way that the squid package sends out email notifying the admin about updating the program. This usually only happens if you are running a development version of squid, or if the clock on your system is incorrect.

The squid maintainers have applied a patch to fix this, which can be found in the latest version of both the development and stable releases of squid. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/squid-2.3.STABLE4-1_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/squid-2.3.STABLE4-1_StackGuard_2.src.rpm

md5sums of the packages:

93582c5f73e270f9a83782e9baad3391  squid-2.3.STABLE4-1_StackGuard_2.i386.rpm
8f8edf4295f4edce2af8a32df6a3348f  squid-2.3.STABLE4-1_StackGuard_2.src.rpm


Packages updated:   linuxconf
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1311
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-019-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the vpop3d program in the linuxconf package.

The linuxconf maintainers have applied a patch to fix this, and have made a new release with this fix in it. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-1.19r2-4_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/linuxconf-1.19r2-4_StackGuard_2.src.rpm

md5sums of the packages:

89ca758bceb7e2b97c0da2997c63a8f6  linuxconf-1.19r2-4_StackGuard_2.i386.rpm
4db4d6d89a438dbf421b6e5030f234cd  linuxconf-devel-1.19r2-4_StackGuard_2.i386.rpm
3422438e1fec2e8ef880696e616cd833  linuxconf-1.19r2-4_StackGuard_2.src.rpm


Packages updated:   mgetty
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1312
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-020-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the mgetty program.

The mgetty maintainer has applied a patch to fix this, and has made a new release with this fix in it. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-1.1.24-1_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/mgetty-1.1.24-1_StackGuard_2.src.rpm

md5sums of the packages:

ddf613be0fed657c4a4dc0f1b9376486  mgetty-1.1.24-1_StackGuard_2.i386.rpm
700b540da49532efea426ee84af6bcff  mgetty-sendfax-1.1.24-1_StackGuard_2.i386.rpm
ed1f381a8ce63c20dcdc23b2373ed4aa  mgetty-viewfax-1.1.24-1_StackGuard_2.i386.rpm
402e3d274f41e9405c5dac854a890884  mgetty-voice-1.1.24-1_StackGuard_2.i386.rpm
7e60d99ce1cf12da1b1671b72dc893bc  mgetty-1.1.24-1_StackGuard_2.src.rpm


Packages updated:   gpm
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1313
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-021-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the gpm program.

The gpm package is currently unmaintained, but the author has placed a patch to fix this in the updates directory for the gpm program.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-1.19.3-4_StackGuard_2.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/gpm-devel-1.19.3-4_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/gpm-1.19.3-4_StackGuard_2.src.rpm

md5sums of the packages:

657dfa541b202e011b823e68944e4e28  gpm-1.19.3-4_StackGuard_2.i386.rpm
b8a37d6220b262636e9df9e24f81f36b  gpm-devel-1.19.3-4_StackGuard_2.i386.rpm
52a25925229d052ffe68c109d42350fb  gpm-1.19.3-4_StackGuard_2.src.rpm


Packages updated:   wu-ftpd
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1314
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-022-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the privatepw helper program in the wu-ftpd package.

The maintainers of the wu-ftpd package have placed a patch to fix this on their ftp site. Thanks go out to them for responding so quickly.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/wu-ftpd-2.6.1-6_StackGuard_2.src.rpm

md5sums of the packages:

0259bb98f5f81b87f39504f748818a3f  wu-ftpd-2.6.1-6_StackGuard_2.i386.rpm
b941f7411d925af70405ba10fd1c3db3  wu-ftpd-2.6.1-6_StackGuard_2.src.rpm


Packages updated:   inn
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1315
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-023-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the inn program. This is partly due to the way that the inn program is compiled and set up on Immunix Linux, and partly due to the lack of information in the inn program detailing the potential security problems if you do not tell inn to use a private temporary directory. We have applied a patch that creates temporary files safely for inn, AND moved all temp file creation by inn into its own private directory, which should solve this problem.
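The pattern the audit hunted for is a name picked by mktemp() followed by a separate open(), which a symlink planted between the two calls can redirect; the inn fix above (atomic creation plus a private directory) is the general cure. The block below is an added example written for this page, not code from the advisory or from any of the patched packages; it assumes a writable /tmp, and the function names open_temp_safe, temp_looks_private and demo_safe_temp are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The racy pattern the audit looked for is mktemp() (pick a name) followed
 * by a separate open() without O_EXCL, which follows any symlink planted in
 * the gap. This hardened form mirrors the two-part inn fix: a private 0700
 * directory from mkdtemp(), then mkstemp(), which creates and opens the
 * file in one O_CREAT|O_EXCL step. Fills dir/path, returns the fd or -1. */
int open_temp_safe(char *dir, size_t dirsz, char *path, size_t pathsz)
{
    /* "/tmp/privtmp.XXXXXX" is a constructed template for this example */
    if (snprintf(dir, dirsz, "%s", "/tmp/privtmp.XXXXXX") >= (int)dirsz)
        return -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    if (snprintf(path, pathsz, "%s/work.XXXXXX", dir) >= (int)pathsz)
        return -1;
    return mkstemp(path);                      /* created with mode 0600 */
}

/* Post-condition check: the object behind fd is the regular file at path
 * (same inode, so no link substitution), mode 0600, with one link. */
int temp_looks_private(int fd, const char *path)
{
    struct stat fs, ps;
    if (fstat(fd, &fs) != 0 || lstat(path, &ps) != 0)
        return 0;
    return S_ISREG(ps.st_mode) && fs.st_ino == ps.st_ino && fs.st_dev == ps.st_dev
        && (fs.st_mode & 0777) == 0600 && fs.st_nlink == 1;
}

/* End-to-end run with cleanup. Returns 1 when the file checks out and a second
 * O_EXCL create of the same path is refused with EEXIST, the guarantee that
 * the mktemp()+open() sequence lacks. */
int demo_safe_temp(void)
{
    char dir[256], path[256];
    int fd = open_temp_safe(dir, sizeof dir, path, sizeof path);
    if (fd < 0)
        return 0;
    int ok = temp_looks_private(fd, path) &&
             open(path, O_WRONLY | O_CREAT | O_EXCL, 0600) < 0 && errno == EEXIST;
    close(fd); unlink(path); rmdir(dir);
    return ok;
}
```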

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary packages for Immunix 7.0 beta are available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inews-2.2.3-3_StackGuard_3.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-2.2.3-3_StackGuard_3.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/inn-devel-2.2.3-3_StackGuard_3.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/inn-2.2.3-3_StackGuard_3.src.rpm

md5sums of the packages:

ead2af814ce19919c1b9f3a5cb6db853  inews-2.2.3-3_StackGuard_3.i386.rpm
feea622aca6a5b217e42f11df025fa90  inn-2.2.3-3_StackGuard_3.i386.rpm
0fe0bad19dcde112b83e803023b85c9f  inn-devel-2.2.3-3_StackGuard_3.i386.rpm
25676fde907a0b71f665512bdf1b2aa8  inn-2.2.3-3_StackGuard_3.src.rpm


Packages updated:   diffutils
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1316
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-024-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the sdiff program within the diffutils package.

A patch has been applied that fixes this problem, and the maintainers assure us that an updated release of the diffutils package will occur in the future with this problem solved.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/diffutils-2.7-21_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/diffutils-2.7-21_StackGuard_2.src.rpm

md5sums of the packages:

af961df849ad223552a8dbc59f768cc9  diffutils-2.7-21_StackGuard_2.i386.rpm
c1e02bb7f3bd0519844edd8cbd8e34ea  diffutils-2.7-21_StackGuard_2.src.rpm


Packages updated:   getty_ps
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1317
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-025-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the getty_ps program.

A patch has been applied that fixes this problem; however, the maintainer of the program never responded to our email message about it.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations:

Precompiled binary package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/getty_ps-2.0.7j-12_StackGuard_2.i386.rpm

Source package for Immunix 7.0 beta is available at:

http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/getty_ps-2.0.7j-12_StackGuard_2.src.rpm

md5sums of the packages:

ebe7518773d6598ef520233236488b7a  getty_ps-2.0.7j-12_StackGuard_2.i386.rpm
22576dbf9d22ee4bb16811bddc9abd00  getty_ps-2.0.7j-12_StackGuard_2.src.rpm


Packages updated:   rdist
Affected products:  Immunix OS 7.0-beta
Bugs Fixed:         immunix/1318
Date:               January 10, 2000
Advisory ID:        IMNX-2000-70-026-01
Author:             Greg Kroah-Hartman <greg@wirex.com>


Description: In an internal audit conducted while preparing Immunix Linux 7.0 we noticed a potential temp file race problem in the rdist program.

The maintainer has been notified of this problem and will release an update fixing it sometime in the future. A patch that fixes the problem now has been applied to our package.

Packages have been created and released for Immunix 7.0 beta to fix this problem.

Package names and locations: Precompiled binary package for Immunix 7.0 beta is avai