Package name: utempter
Date: 2004-04-19
Advisory ID: MDKSA-2004:031
Affected versions: 9.2 amd64, CS2.1 x86_64, CS2.1 i586, 10.0 i586, 9.2 i586, 9.1 i586, MNF8.2 i586, 9.1 i586

Problem description

Steve Grubb discovered two potential issues in the utempter program:

1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0; if /tmp/tty0 were then deleted and symlinked to another important file, programs with root privileges that do no further validation could overwrite whatever the symlink pointed to.

2) Several calls to strncpy were made without manually terminating the string. This would most likely crash utempter.

The updated packages are patched to correct these problems.
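The two classes of fix described above, sketched as an added example (this is not the utempter patch or code from the advisory). The function names, the /dev/ prefix requirement and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEV_PREFIX "/dev/"

/* Lexical check only: 1 if path is under /dev/ with no "//", "/./" or "/../". */
int device_path_ok(const char *path)
{
    size_t n;
    if (path == NULL || strncmp(path, DEV_PREFIX, strlen(DEV_PREFIX)) != 0)
        return 0;
    if (strstr(path, "//") || strstr(path, "/./") || strstr(path, "/../"))
        return 0;
    /* A trailing "/." or "/.." is not caught by the substring tests above. */
    n = strlen(path);   /* n >= 5 here because the prefix matched */
    if (strcmp(path + n - 2, "/.") == 0 || strcmp(path + n - 3, "/..") == 0)
        return 0;
    return path[strlen(DEV_PREFIX)] != '\0';   /* "/dev/" alone names no device */
}

/* Copy the name after /dev/ into dst.
 * Returns 0 on success, 1 if truncated, -1 if the path is rejected. */
int copy_line_name(char *dst, size_t dstlen, const char *path)
{
    const char *name;
    if (dst == NULL || dstlen == 0 || !device_path_ok(path))
        return -1;
    name = path + strlen(DEV_PREFIX);
    strncpy(dst, name, dstlen - 1);
    dst[dstlen - 1] = '\0';   /* strncpy leaves dst unterminated when src fills it */
    return strlen(name) < dstlen ? 0 : 1;
}

int main(void)
{
    /* Constructed sample paths, including the one from the advisory text. */
    const char *samples[] = { "/dev/pts/3", "/dev/../tmp/tty0", "/dev/./tty0",
                              "/dev//tty0", "/tmp/tty0", "/dev/ttyABCDEFGHIJ" };
    char line[8];   /* deliberately small (assumed size) to show truncation */
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = copy_line_name(line, sizeof line, samples[i]);
        printf("%-22s rc=%d line=%s\n", samples[i], rc, rc < 0 ? "(rejected)" : line);
    }
    return 0;
}
```

The path check is purely lexical, so a privileged caller should still verify the opened file (for example with fstat) before writing to it.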

Updated packages

9.2 amd64

 92b815911cfc95b1fe982b1e6d34fbe9  amd64/9.2/RPMS/lib64utempter0-0.5.2-12.1.92mdk.amd64.rpm
7e5c27d4817e8bd1cb661baf4fa2098d  amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.1.92mdk.amd64.rpm
d83101f51887fa4576ba70bd44dc96d4  amd64/9.2/RPMS/utempter-0.5.2-12.1.92mdk.amd64.rpm
6bcb323d7d50949a1b4f8bae5bd84fd6  amd64/9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm

CS2.1 x86_64

 284d5f6f9bded143a8d26c8062eb9e70  x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.x86_64.rpm
62ada7f5235b513c978dc8eea2184b8b  x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.x86_64.rpm
8755f9214bb5412a204b24e6cce68ab5  x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.x86_64.rpm
ef9fe684449e0faaf59be81ed63df284  x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm

CS2.1 i586

 c16478b61d52db976f712b5817bbf167  corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.i586.rpm
7f74bd805709457dfb71a3bdc91f2577  corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.i586.rpm
eb25144f12a1d93d7d9634964a1d7bbd  corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.i586.rpm
ef9fe684449e0faaf59be81ed63df284  corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm

10.0 i586

 e5458d8e68dd55b2dcface9f2ead71cd  10.0/RPMS/libutempter0-0.5.2-12.1.100mdk.i586.rpm
366d48de884799751c7110f84d835cc0  10.0/RPMS/libutempter0-devel-0.5.2-12.1.100mdk.i586.rpm
6eabf21bdf9d7eba1a86fac4589e5714  10.0/RPMS/utempter-0.5.2-12.1.100mdk.i586.rpm
52a5e2fa807981cba7156213684bb9ce  10.0/SRPMS/utempter-0.5.2-12.1.100mdk.src.rpm

9.2 i586

 90522a1350a48e3527ac5d62e9f42d02  9.2/RPMS/libutempter0-0.5.2-12.1.92mdk.i586.rpm
93cc7f6b06e932fb669cf4f6e76d219f  9.2/RPMS/libutempter0-devel-0.5.2-12.1.92mdk.i586.rpm
9295f7ce85188523ef2ddf02e2137d4b  9.2/RPMS/utempter-0.5.2-12.1.92mdk.i586.rpm
6bcb323d7d50949a1b4f8bae5bd84fd6  9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm

9.1 i586

 ff42f22d509bf90dc87c29acf970548b  9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.i586.rpm
7f100656a81b88e2ddc0f1a3ffd6cc1d  9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.i586.rpm
ae56735580eaff60027404a27843b28f  9.1/RPMS/utempter-0.5.2-10.1.91mdk.i586.rpm
1f308d636a246978a66f79802467e09b  9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm

MNF8.2 i586

 4a73fd406115139f44a96595d7a7d636  mnf8.2/RPMS/libutempter0-0.5.2-5.1.M82mdk.i586.rpm
4ec3be7ee3b1afc20cee08edd699d88c  mnf8.2/RPMS/libutempter0-devel-0.5.2-5.1.M82mdk.i586.rpm
6f88c9436293c120c90877f12d8426a9  mnf8.2/RPMS/utempter-0.5.2-5.1.M82mdk.i586.rpm
273359b6f93965a0995a6c11cf3a1d77  mnf8.2/SRPMS/utempter-0.5.2-5.1.M82mdk.src.rpm

9.1 i586

 1c72b8d5bf1e88e267fdd818094f1d52  ppc/9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.ppc.rpm
45e56e24d73c0744460908206164bad6  ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.ppc.rpm
218199c662a394416a5b37ce95fe69fe  ppc/9.1/RPMS/utempter-0.5.2-10.1.91mdk.ppc.rpm
1f308d636a246978a66f79802467e09b  ppc/9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm

References