Advisories : tmpwatch local DoS

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : tmpwatch local DoS

Title:	tmpwatch local DoS
Released by:	Conectiva
Date:	9th October 2000
Printable version:	Click here

-----------------------------------------------------------------------

CONECTIVA LINUX SECURITY ANNOUNCEMENT

-----------------------------------------------------------------------



PACKAGE   : tmpwatch

SUMMARY   : tmpwatch local DoS

DATE      : 2000-10-09 15:43:00

RELEVANT

RELEASES  : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1



----------------------------------------------------------------------



DESCRIPTION

 Versions of the tmpwatch package as shipped with Conectiva Linux

 contain a vulnerability which could lead to a local DoS.

 These versions, though, are not vulnerable to the local root exploit

 published earlier because they do not have the fuser option, which

 appeared only in later versions.





SOLUTION

 All users should upgrade to the updated package.

 The updated package fixes the DoS and also introduces the fuser

 option, but using exec() instead of system() to avoid the local root

 vulnerability.



 Thanks do RedHat for providing a new version.





DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

http://atualizacoes.conectiva.com.br/4.0/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/4.0es/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.0es/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/4.1/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.1/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/4.2/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/4.2/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/5.0/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.0/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/5.1/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/5.1/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/tmpwatch-2.6.2-1cl.src.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/tmpwatch-2.6.2-1cl.i386.rpm

http://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/tmpwatch-2.6.2-1cl.src.rpm





----------------------------------------------------------------------



All packages are signed with Conectiva's GPG key. The key can be

obtained at http://www.conectiva.com.br/contato



----------------------------------------------------------------------

subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br

unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br