Advisories : Red Hat, Inc. Security Advisory (updated perl and mailx)

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Red Hat, Inc. Security Advisory (updated perl and mailx)

Title:	Red Hat, Inc. Security Advisory (updated perl and mailx)
Released by:	Red Hat
Date:	9th August 2000
Printable version:	Click here

---------------------------------------------------------------------

                   Red Hat, Inc. Security Advisory



Synopsis:          Updated mailx and perl packages are now available.

Advisory ID:       RHSA-2000:048-06

Issue date:        2000-08-07

Updated on:        2000-08-09

Product:           Red Hat Linux

Keywords:          perl suidperl mailx rpm

Cross references:  RHSA-2000:051

---------------------------------------------------------------------



1. Topic:



Updated perl and mailx package are now available which fix a potential

exploit made possible by incorrect assumptions made in suidperl.



This advisory contains additional instructions for installing the necessary

updates.



2. Relevant releases/architectures:



Red Hat Linux 5.0 - i386, alpha, sparc

Red Hat Linux 5.1 - i386, alpha, sparc

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc

Red Hat Linux 6.2 - i386, alpha, sparc

Red Hat Linux 6.2E - i386, alpha, sparc



3. Problem description:



Under certain conditions, suidperl will attempt to send mail to the local

superuser account using /bin/mail.  A properly formatted exploit script can

use this facility, along with mailx's tendency to inherit settings from the

environment, to gain local root access.



This update changes suidperl's behavior to use syslog instead of mail, and

restricts the list of variables /bin/mail will read from the environment.



4. Solution:



For each RPM for your particular architecture, run:



rpm -Fvh [filename]



where filename is the name of the RPM.



In order to install some of these packages, you may need to have a newer

version of RPM installed.  Information about obtaining the new version of

RPM is included in RHSA-2000:051.



5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



15625 - Root exploit alread posted on bugtraq

15630 - Root exploit in sperl

15641 - suidperl has a major problem





6. RPMs required:



Red Hat Linux 5.0:



Red Hat Linux 5.2:



sparc:

http://updates.redhat.com/5.2/sparc/mailx-8.1.1-16.sparc.rpm

http://updates.redhat.com/5.2/sparc/perl-5.004m7-2.sparc.rpm



alpha:

http://updates.redhat.com/5.2/alpha/mailx-8.1.1-16.alpha.rpm

http://updates.redhat.com/5.2/alpha/perl-5.004m7-2.alpha.rpm



i386:

http://updates.redhat.com/5.2/i386/mailx-8.1.1-16.i386.rpm

http://updates.redhat.com/5.2/i386/perl-5.004m7-2.i386.rpm



sources:

http://updates.redhat.com/5.2/SRPMS/mailx-8.1.1-16.src.rpm

http://updates.redhat.com/5.2/SRPMS/perl-5.004m7-2.src.rpm



Red Hat Linux 6.2:



sparc:

http://updates.redhat.com/6.2/sparc/mailx-8.1.1-16.sparc.rpm

http://updates.redhat.com/6.2/sparc/perl-5.00503-11.sparc.rpm



i386:

http://updates.redhat.com/6.2/i386/mailx-8.1.1-16.i386.rpm

http://updates.redhat.com/6.2/i386/perl-5.00503-11.i386.rpm



alpha:

http://updates.redhat.com/6.2/alpha/mailx-8.1.1-16.alpha.rpm

http://updates.redhat.com/6.2/alpha/perl-5.00503-11.alpha.rpm



sources:

http://updates.redhat.com/6.2/SRPMS/mailx-8.1.1-16.src.rpm

http://updates.redhat.com/6.2/SRPMS/perl-5.00503-11.src.rpm



7. Verification:



MD5 sum                           Package Name

--------------------------------------------------------------------------

c514911db4ce13fc32af5b59233d5dc9  5.2/SRPMS/mailx-8.1.1-16.src.rpm

7440313c13c65142c75e35d32b5807c3  5.2/SRPMS/perl-5.004m7-2.src.rpm

430fca595dd42648239b8ad475032c9c  5.2/alpha/mailx-8.1.1-16.alpha.rpm

876b94f7d4fd4d92142f44de51045591  5.2/alpha/perl-5.004m7-2.alpha.rpm

fd9d44b8aeadc36bd871dd8e2d6211c4  5.2/i386/mailx-8.1.1-16.i386.rpm

0a1f47cacb891c03b351211d4fe825ed  5.2/i386/perl-5.004m7-2.i386.rpm

376f28398c607b4af12d06babbd7e098  5.2/sparc/mailx-8.1.1-16.sparc.rpm

24e61c42e5a22dbbc929264a1ddc3869  5.2/sparc/perl-5.004m7-2.sparc.rpm

30d2f82abfba4ac2c770b66c591d528f  6.2/SRPMS/mailx-8.1.1-16.src.rpm

5cfe855e78b1ed7672e4daa738093f2c  6.2/SRPMS/perl-5.00503-11.src.rpm

25497e13b1d30f3dcff365602f78208a  6.2/alpha/mailx-8.1.1-16.alpha.rpm

452714b1ddfd479cb683b21ca54d27a3  6.2/alpha/perl-5.00503-11.alpha.rpm

c121c2076bae78f42afcf9f0357549b9  6.2/i386/mailx-8.1.1-16.i386.rpm

ff573609cbe0de0fe72838b0139992da  6.2/i386/perl-5.00503-11.i386.rpm

6464e30268ba05a2ca938b38805a9256  6.2/sparc/mailx-8.1.1-16.sparc.rpm

fa63980aed3bdd2c9c14dcca6745c56c  6.2/sparc/perl-5.00503-11.sparc.rpm



These packages are GPG signed by Red Hat, Inc. for security.  Our key

is available at:

    http://www.redhat.com/corp/contact.html



You can verify each package with the following command:

    rpm --checksig  



If you only wish to verify that each package has not been corrupted or

tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg 



8. References:



http://www.securityfocus.com/vdb/bottom.html?vid=3D1547

http://bugs.perl.org/perlbug.cgi?req=3Dtidmids&tidmids=3D20000806.001





Copyright(c) 2000 Red Hat, Inc.