Bugtraq mailing list archives
[RHSA-2000:016-03] Multiple local imwheel vulnerabilities
From: bugzilla () REDHAT COM (bugzilla () REDHAT COM)
Date: Tue, 4 Jul 2000 00:03:00 -0400
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Multiple local imwheel vulnerabilities Advisory ID: RHSA-2000:016-03 Issue date: 2000-04-20 Updated on: 2000-07-03 Product: Red Hat Powertools Keywords: imwheel buffer imwheel-solo Cross references: N/A --------------------------------------------------------------------- 1. Topic: Multiple vulnerabilities exist in imwheel. 2. Relevant releases/architectures: Red Hat Powertools 6.1 - i386 alpha sparc Red Hat Powertools 6.2 - i386 alpha sparc 3. Problem description: Multiple local vulnerabilities exist in imwheel. * Read access violations where there is no checking of the file itself, it follows a symlink blindly. * Perl wrapper might allow other users on the machine to kill the imwheel process. 4. Solution: Because the core functionality of imwheel has been incorporated into many existing applications, removing imwheel will not incur a significant loss of functionality. If the machine which has imwheel installed is not a single user machine we recommend removing imwheel. To remove imwheel run this command: rpm -e imwheel 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): N/A 6. RPMs required: N/A 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- N/A These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A
Current thread:
- Re: ftpd: the advisory version Valdis Kletnieks (Jun 30)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- <Possible follow-ups>
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
- Re: ftpd: the advisory version Mike Gleason (Jul 02)
- [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
- Re: ftpd: the advisory version monti (Jul 05)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
- Re: ftpd: the advisory version monti (Jul 07)
- Re: ftpd: the advisory version Mikael Olsson (Jul 07)
- Re: ftpd: the advisory version David Maxwell (Jul 07)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
- Re: ftpd: the advisory version Richard Rager (Jul 11)
- Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)
- ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed J C (Jul 10)
- Novell Border Manger - Anyone can pose as an authenticated user Coward, Anonymous (Jul 07)