Paketname
usermode
Datum
2000-10-11
Advisory ID
MDKSA-2000:059
Betroffene Versionen
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problembeschreibung

The usermode package contains the program userhelper which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and any programs it runs) to create a format-string exploit in these programs. Linux-Mandrake ships an older version of usermode which is not vulnerable to this problem. Linux-Mandrake 7.2 beta contains the fixed usermode 1.36 as provided by Red Hat.

Aktualisierte Pakete

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na