MDKSA-2004:031-1
- Package name
- utempter
- Date
- 2004-04-21
- Advisory ID
- MDKSA-2004:031-1
- Affected versions
- 9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , MNF8.2 i586 , 9.1 i586
Problem description
Steve Grubb discovered two potential issues in the utempter program: 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to. 2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter. The updated packages are patched to correct these problems. Update: The second portion of the patch to address the manual termination of the string has been determined to be uneccessary, as well as reducing the length of utmp strings by one character. As such, it has been removed.
Updated packages
9.2 amd64
7e74a057a62e7b9b673ce6d67afa7787 amd64/9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm 1b3fe88346c0abc0f964f397c033b234 amd64/9.2/RPMS/lib64utempter0-0.5.2-12.2.92mdk.amd64.rpm bfc40facd647fe21e22f1753556b3e33 amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.2.92mdk.amd64.rpm 3aa865490f19b372a47e34157bbcdaff amd64/9.2/RPMS/utempter-0.5.2-12.2.92mdk.amd64.rpm
CS2.1 x86_64
9c88fb56dd2bf5be45b667dd986b6a93 x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm c633f8b5c17c2c2005b7ea2e83f88ad3 x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.x86_64.rpm 68d6d623e6c20493301d78dc51b64ae6 x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.x86_64.rpm dab90f2133385bf148f104f95031e95b x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.x86_64.rpm
10.0 amd64
58918ef6e3f5bca9f4beb6a680d47de7 amd64/10.0/RPMS/lib64utempter0-0.5.2-12.2.100mdk.amd64.rpm 3811078ed70f2ae17d3d49d7945bc684 amd64/10.0/RPMS/lib64utempter0-devel-0.5.2-12.2.100mdk.amd64.rpm 63ead01dffb4be933c55e3c184ef3aff amd64/10.0/RPMS/utempter-0.5.2-12.2.100mdk.amd64.rpm 20728c199dc84538cc1c1c5db70b6784 amd64/10.0/SRPMS/utempter-0.5.2-12.2.100mdk.src.rpm
CS2.1 i586
9c88fb56dd2bf5be45b667dd986b6a93 corporate/2.1/SRPMS/utempter-0.5.2-11.2.C21mdk.src.rpm dc2b4c0b75f5829b01e5711a48575acb corporate/2.1/RPMS/libutempter0-0.5.2-11.2.C21mdk.i586.rpm 234bf4cd1d11f03999d0389dfb1b92a0 corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.2.C21mdk.i586.rpm d8c8193245ee4bb4dd0b29934710d616 corporate/2.1/RPMS/utempter-0.5.2-11.2.C21mdk.i586.rpm
10.0 i586
20728c199dc84538cc1c1c5db70b6784 10.0/SRPMS/utempter-0.5.2-12.2.100mdk.src.rpm 295d91a84f7495ec66796b06317a6e50 10.0/RPMS/libutempter0-0.5.2-12.2.100mdk.i586.rpm f6a6a5bff4c46f68f2e2039f88e281b9 10.0/RPMS/libutempter0-devel-0.5.2-12.2.100mdk.i586.rpm 80064975fddb9184eed63988ab8d5144 10.0/RPMS/utempter-0.5.2-12.2.100mdk.i586.rpm
9.2 i586
7e74a057a62e7b9b673ce6d67afa7787 9.2/SRPMS/utempter-0.5.2-12.2.92mdk.src.rpm 70753671ed9759554caebf40a5e6045c 9.2/RPMS/libutempter0-0.5.2-12.2.92mdk.i586.rpm ae1cad0a2d1bb89c2311f1a331b3af84 9.2/RPMS/libutempter0-devel-0.5.2-12.2.92mdk.i586.rpm 622767f0ce4824a0d70424932954b5d6 9.2/RPMS/utempter-0.5.2-12.2.92mdk.i586.rpm
9.1 i586
d5130114cb6a6eac57b13eb91abfef36 9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm 0593f4150d6eae47c91e844e39b45a98 9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.i586.rpm 9fa7cc39c0f06052be6e6a8a961e2ccd 9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.i586.rpm 0000bb29eff9317cb386eb5674c5f8e3 9.1/RPMS/utempter-0.5.2-10.2.91mdk.i586.rpm
MNF8.2 i586
3d1f7e6a11e8d342a625a5f2c849ac98 mnf8.2/SRPMS/utempter-0.5.2-5.2.M82mdk.src.rpm 7b5a0a2804484629e48956f0173bd034 mnf8.2/RPMS/libutempter0-0.5.2-5.2.M82mdk.i586.rpm e0187ad9c7ab211e1a6a51344da3ec59 mnf8.2/RPMS/libutempter0-devel-0.5.2-5.2.M82mdk.i586.rpm fe94436a22a4547e9d5b499076b431b9 mnf8.2/RPMS/utempter-0.5.2-5.2.M82mdk.i586.rpm
9.1 i586
d5130114cb6a6eac57b13eb91abfef36 ppc/9.1/SRPMS/utempter-0.5.2-10.2.91mdk.src.rpm b63ef5b274759fd8c72f1b756b343275 ppc/9.1/RPMS/libutempter0-0.5.2-10.2.91mdk.ppc.rpm ee58c267af2148950cd8ddf0dbd2829f ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.2.91mdk.ppc.rpm d0d22b0acaa39b6a55763c36fb5ba06c ppc/9.1/RPMS/utempter-0.5.2-10.2.91mdk.ppc.rpm