SuSE Security Announcement: screen

From: Roman Drahtmueller (draht@suse.de)
Date: Wed Sep 06 2000 - 10:37:03 PDT

  • Next message: Roman Drahtmueller: "SuSE Security Announcement: apache"

    Date: Wed, 6 Sep 2000 19:37:03 +0200 (MEST)
    From: Roman Drahtmueller <draht@suse.de>
    Message-ID: <Pine.LNX.4.21.0009061936270.25775-100000@dent.suse.de>
    Subject: SuSE Security Announcement: screen
    

    -----BEGIN PGP SIGNED MESSAGE-----

    ______________________________________________________________________________

                            SuSE Security Announcement

            Package: screen
            Date: Wednesday, September 6th, 2000 19:35 MEST
            Affected SuSE versions: 5.3, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
            Vulnerability Type: local root compromise
            Severity (1-10): 8
            SuSE default package: yes
            Other affected systems: all linux systems with the screen program
                                    installed suid root

        Content of this advisory:
            1) security vulnerability resolved: screen
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, temporary workarounds
            3) standard appendix (further information)

    ______________________________________________________________________________

    1) problem description, brief discussion, solution, upgrade information

        screen, a tty multiplexer, is installed suid root by default on SuSE
        Linux distributions. By supplying a thoughtfully designed string as
        the visual bell message, local users can obtain root privilege.
        Exploit information has been published on security forums.

        The temporary workaround for this problem would be to remove the suid
        bit from /usr/bin/screen*. This also requires mode changes in the
        /tmp/screens directory where the pipes for communication between
        the client and server part of screen are placed upon start of screen.

        SuSE provides an update for the vulnerable screen package. It is
        strongly recommended to upgrade to the latest version found on our
        ftp server as described below. The update packages remove all currently
        known security problems in the glibc package.

        Download the update package from locations desribed below and install
        the package with the command `rpm -Fhv file.rpm'. The md5sum for each
        file is in the line below. You can verify the integrity of the rpm
        files using the command
            `rpm --checksig --nogpg file.rpm',
        independently from the md5 signatures below.

        i386 Intel Platform:

        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/screen-3.9.8-1.i386.rpm
          84b6330f0b9ac7600cc5ec53a9dfdbe9
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/screen-3.9.8-1.src.rpm
          883d80abf603a4eab2238a4e857301e2

        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/screen-3.9.8-0.i386.rpm
          52f451ce0c8c49e02311dd16961aa028
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/screen-3.9.8-0.src.rpm
          a3cb0fb2c90664c6deb986fcbf4e74fd

        SuSE-6.3
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/screen-3.9.8-0.i386.rpm
          2c244140d346b16a3d5fb77e2cf1f860
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/screen-3.9.8-0.src.rpm
          2c84eadb44a5694dc3088000fff5ec82

        SuSE-6.2
        ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/screen-3.9.8-0.i386.rpm
          a72973a281467a1b390453ba2cbf3b59
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/screen-3.9.8-0.src.rpm
          a379e5b4ca81cf4118002c3064d1c3da

        SuSE-6.1
        ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/screen-3.9.8-0.i386.rpm
          d64479b7ba3740299acf717fe36c3834
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/screen-3.9.8-0.src.rpm
          e0b08bc5887c40d9f6e3176936c7150b

        SuSE-6.0
        Please use the update packages from the 6.1 directory for SuSE-6.0!

        SuSE-5.3
        ftp://ftp.suse.com/pub/suse/i386/update/5.3/ap1/screen-3.9.8-0.i386.rpm
          cd3ef3bc018973d8907000a8a23bafb6
        source rpm:
        ftp://ftp.suse.com/pub/suse/i386/update/5.3/zq1/screen-3.9.8-0.src.rpm
          f94c9664219649a2f2100344a88cdd22

        Sparc Platform:

        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/screen-3.9.8-0.sparc.rpm
          3adce8a1bcf2464266d5db728b8d8af9
        source rpm:
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/screen-3.9.8-0.src.rpm
          26b1186598be0f873732fa5bf7b7b77b

        AXP Alpha Platform:

        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/screen-3.9.8-0.alpha.rpm
          aa64d979f33d3c03b5bc0c5074892df8
        source rpm:
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/screen-3.9.8-0.src.rpm
          11f2261b54e8a329c8b0d1bfd9d0c96f

        SuSE-6.3
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/screen-3.9.8-0.alpha.rpm
          8e5acd8e3fe9efa7d82e2710489c7300
        source rpm:
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/screen-3.9.8-0.src.rpm
          6a1c04d9dd4f8c351e189a38f6f5d614

        SuSE-6.1
        ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/screen-3.9.8-0.alpha.rpm
          54828e3e9f0c72cc022fb35660c687e8
        source rpm:
        ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/screen-3.9.8-0.src.rpm
          e1ff18f05b40afa7849e7d07ae5b8755

        PPC Power PC Platform:

        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/screen-3.9.8-0.ppc.rpm
          7418b948cf1e92622814c8aae3fa9aa6
        source rpm:
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/screen-3.9.8-0.src.rpm
          25c8979ec0f63f09a3e39cdadf2ef657

        SuSE-6.3
        ftp://ftp.suse.com/pub/suse/ppc/update/6.3/ap1/screen-3.9.8-0.ppc.rpm
          ea459ccb8c91b293e8b2b321df39be89
        source rpm:
        ftp://ftp.suse.com/pub/suse/ppc/update/6.3/zq1/screen-3.9.8-0.src.rpm
          aa87f61ec2fa912be6c83711c0630129

    ______________________________________________________________________________

    2) Pending vulnerabilities in SuSE Distributions and Workarounds:

        This section addresses currently known vulnerabilities in Linux/Unix
        systems that have not been resolved yet as of the release date of
        this advisory.

         - zope

            SuSE distributions before 7.0 do not contain zope as a package.
            An updated package for the freshly released SuSE-7.0 is on the way.

         - xchat

            A fix for the URL handler vulnerabilty is in progress and will
            be released within a few days. There is currently no effective
            and easy workaround other than removing the package by hand
            (`rpm -e xchat'). More information on xchat can be found in
            xchat's documentation directory /usr/doc/packages/xchat or
            /usr/share/doc/packages/xchat for SuSE-7.0.

    ______________________________________________________________________________

    3) standard appendix:

        SuSE runs two security mailing lists to which any interested party may
        subscribe:

        suse-security@suse.com
            - general/linux/SuSE security discussion.
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to
                    <suse-security-subscribe@suse.com>.

        suse-security-announce@suse.com
            - SuSE's announce-only mailing list.
                Only SuSE's security annoucements are sent to this list.
                To subscribe, send an email to
                    <suse-security-announce-subscribe@suse.com>.

        For general information or the frequently asked questions (faq)
        send mail to:
            <suse-security-info@suse.com> or
            <suse-security-faq@suse.com> respectively.

        ===============================================
        SuSE's security contact is <security@suse.com>.
        ===============================================

    Regards,
    Roman Drahtmüller.
    - - --
     - -
    | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does |
      SuSE GmbH - Security Phone: // not enable user to fly."
    | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
     - -
    ______________________________________________________________________________

        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way.
        SuSE GmbH makes no warranties of any kind whatsoever with respect
        to the information contained in this security advisory.

    Type Bits/KeyID Date User ID
    pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security@suse.de>

    - -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6.3i

    mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
    BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
    JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
    1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
    P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
    cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
    VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
    yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
    tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
    xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
    Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
    choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
    BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
    v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
    x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
    Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
    MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
    saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
    L0oixF12Cg==
    =pIeS
    - -----END PGP PUBLIC KEY BLOCK-----

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3i
    Charset: noconv

    iQEVAwUBObaAlXey5gA9JdPZAQHi5gf9FE0NBzriT2G37ogRKRdENNXEZhWmj5fa
    vUcFBeGXvJzRxIabFbyqGfIlONp+SKdbxJqVpxBBXB+NaFYAAEtLIgjKA+DUOThQ
    DZjFVouMiuzwROl8JZU33GCNjqGh+97ImBA4LlVymFm603fgRllYZV2+TsqeWarE
    s2xIzB9z4GlLbyG/X/bM0tAOoPKiEl3hiTdWM7tAgXVoiTkdVBOYGDR/9wmMNiEU
    ZNkxdq5OJUcNd4Pa4vbnxTLPUEdBhQmZgWvfP+9v45FylkgTuRXrcCcyRj6YVVdC
    oOgB050z1zr56fVCClGKeOvgTKACwrUMX7pyIeG0HZCWGU+Ag+SsHw==
    =WVPy
    -----END PGP SIGNATURE-----



    This archive was generated by hypermail 2.1.0 : Mon Jun 04 2001 - 18:25:15 PDT