-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: xinetd
Announcement-ID: SuSE-SA:2001:022
Date: Friday, June 29th 2001, 13:26:55 CEST
Affected SuSE versions: (6.0, 6.1, 6.2), 6.3, 6.4, 7.0, 7.1, 7.2
Vulnerability Type: remote code execution
Severity (1-10): 7
SuSE default package: yes
Other affected systems: All systems using xinetd
Content of this advisory:
1) security vulnerability resolved: xinetd buffer-overflows
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Zen-parse has reported a bug to Bugtraq which allows remote attackers
to overflow a buffer in the logging routine of xinetd. During investigation
we found that more problems exist within xinetd. Xinetd provides its own
string-handling (snprintf()-like functions) routines and fails to handle
length arguments of 0 properly. Instead of an immediate return it assumes
'no limit' for writing characters to the target-buffer. This can lead
to overflows and arbitrary remote code-execution. Additionally xinetd
now sets the correct umask before starting other deamons.
Please update the packages immediately, kill the old deamon and start
the new xinetd deamon with the
/etc/rc.d/xinetd start
command again if you need it running.
Regardless of the bugs in xinetd, please make sure you only run as many
services as needed.
<p> i386 Intel Platform:
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/xinetd-2.1.8.8p3-139.i386.rpm
a8122710a857e49a356b0786c8aad9eb
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/xinetd-2.1.8.8p3-139.src.rpm
90187bd35f931f07ba72b54c16c1549c
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/xinetd-2.1.8.8p3-140.i386.rpm
346868fe76e17d17d87dadbac4c032bb
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/xinetd-2.1.8.8p3-140.src.rpm
6656be9789888da5b1b37dc1aa9c69a9
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/xinetd-2.1.8.8p3-140.i386.rpm
ff001b856db620213608dac1c88ebfbe
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/xinetd-2.1.8.8p3-140.src.rpm
627d2f09d9d4607f31e1902eee4e0cb5
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/xinetd-2.1.8.8p3-139.i386.rpm
ef4697d57a6ceb5e6a55bde51268b92a
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/xinetd-2.1.8.8p3-139.src.rpm
1384b48ed19204324d4a8c2f75d3ea20
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/xinetd-2.1.8.8p3-141.i386.rpm
3c29917f0688aa7509f98b0a00a38eed
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/xinetd-2.1.8.8p3-141.src.rpm
b7f8cc1e5a7d3c2f6c56040c327a4b20
<p> Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/xinetd-2.1.8.8p3-89.sparc.rpm
a78dd53e2da211b8822b4ca86359a6e0
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/xinetd-2.1.8.8p3-89.src.rpm
9b0acb0dacee2962f19057de43d9f421
<p> AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/xinetd-2.1.8.8p3-96.alpha.rpm
bb2b45d56d2cf54733a20561c8a8e440
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/xinetd-2.1.8.8p3-96.src.rpm
60610276aba8c103a43a40ea0366f675
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/xinetd-2.1.8.8p3-96.alpha.rpm
1e4f0685f380db64025837685f8e79c2
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/xinetd-2.1.8.8p3-96.src.rpm
addfd497500387b4de4e2c77ff226e01
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/xinetd-2.1.8.8p3-95.alpha.rpm
f39287594d3297d2625f3878be6b7d98
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/xinetd-2.1.8.8p3-95.src.rpm
ea727667791cd774a5df8bcb5b8b2870
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/xinetd-2.1.8.8p3-95.alpha.rpm
364120a5e0ba13587efba8c082faafa0
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/xinetd-2.1.8.8p3-95.src.rpm
08c540c506809a9a5b080aa21fe97406
<p> PPC Power PC Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/xinetd-2.1.8.8p3-102.ppc.rpm
b73446661fe3f5967acd0242e83fb815
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/xinetd-2.1.8.8p3-102.src.rpm
c89cb923d3c837e50e7f2efc2c9708d2
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/xinetd-2.1.8.8p3-101.ppc.rpm
01fec52a269c456636bcda0d8401b639
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/xinetd-2.1.8.8p3-101.src.rpm
f91f365e3cbedc3de52aab7667db97b2
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/xinetd-2.1.8.8p3-101.ppc.rpm
ed8e343b428fe812502195a15d9c4219
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/xinetd-2.1.8.8p3-101.src.rpm
a340276cec8a5dedcbcd29e199bef6a1
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- rxvt
The rxvt program contains a buffer-overflow which allows an attacker
to locally execute arbitrary code under a different group-id. Please
update to the newest rxvt packages.
- dqs
The dsh-program, shipped with the dqs package contains a buffer-overflow
which allows local attackers to execute arbitrary code as root.
Please update to the newest packages.
- pcp
A /tmp - race has been found in the pcp package which allows
a local attacker to escalate his priviledges.
Affected versions: 7.1, 7.2.
We thank Mark Goodwin and Keith Owens from SGI who quickly responded
to SuSE in this issue and who released a fixed version of the SGI
Performance Co-Pilot in response to the security problem. Future SuSE
Linux releases will include the most recent version of the package.
Workaround: chmod a-s `rpm -ql pcp` /nosuchfile
update-package does the same.
<p>______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum