AUSCERT External Security Bulletin Redistribution
                       ESB-1999.082 -- RHSA-1999:014-01
             New dev, rxvt, screen packages for Red Hat Linux 6.0
                                22 June 1999


Red Hat Software, Inc. has released the following advisory concerning a
vulnerability in dev, rxvt, and screen packages shipped with Red Hat Linux

- --------------------------BEGIN INCLUDED TEXT--------------------

- ---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		New dev, rxvt, screen packages for Red Hat Linux 6.0
Advisory ID:		RHSA-1999:014-01
Issue date:		1999-06-15
Keywords:		dev rxvt screen pts devpts tty
- ---------------------------------------------------------------------

1. Topic:

New dev, rxvt, and screen packages are available that fix a
security issue with the packages that originally shipped with
Red Hat Linux 6.0. Please read the 'Solution' section for
special action needed to complete this upgrade.

2. Bug IDs fixed:

2611 3025 3326

3. Relevant releases/architectures:

Red Hat Linux 6.0, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Intel: ftp://updates.redhat.com/6.0/i386/


Alpha: ftp://updates.redhat.com/6.0/alpha/


Sparc: ftp://updates.redhat.com/6.0/sparc/


7. Problem description:

The /dev/pts filesystem was mounted with options 'mode=0622'
in Red Hat Linux 6.0, instead of the correct 'gid=5,mode=0620'.
This could lead to users being able to write to affected ttys.

Additionally, once this was corrected, screen and rxvt would
still chmod the tty devices to potentially insecure modes.

8. Solution:

Upgrade to the latest errata releases of dev, screen and
rxvt for Red Hat Linux 6.0 on your particular platform.
While the post-install script for the dev package will add the
correct permissions for the /dev/pts file system in the
/etc/fstab file, you will have to manually unmount and
remount the /dev/pts file system with the following commands,
once the correct permissions have been set in the /etc/fstab file:

umount /dev/pts
mount /dev/pts

If you get the error message "umount: /dev/pts: device is busy"
when trying to unmount the filesystem, you will have to close
all connections using the filesystem, such as screen, xterm
(and other such X terminal programs), and some remote

9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
34c8c9f6ae3bcb74e63fd67bb785b560  dev-2.7.7-2.i386.rpm
3f0ad6893bdbde6dc9c1a357e555a13b  rxvt-2.6.0-2.i386.rpm
fc48d9c63ebe02b0fa1741f468f4ccea  screen-3.7.6-9.i386.rpm

06777bc610b46490de200cd066c5687b  dev-2.7.7-2.alpha.rpm
67bc34923cd2b2a4504fcb14ed735bf8  rxvt-2.6.0-2.alpha.rpm
f3c2f2c5867d3bca4a5751fcc8652105  screen-3.7.6-9.alpha.rpm

e43914909f7151ef525a6f4b9b1ad461  dev-2.7.7-2.sparc.rpm
fe677d3c7d188e204162d4694739639b  rxvt-2.6.0-2.sparc.rpm
8e793294d01c9a8f7ded1c563cb0ab92  screen-3.7.6-9.sparc.rpm

b25e4de59a00270bb6acd85c8dc901ad  dev-2.7.7-2.src.rpm
eed32f9b8d67c58d62989758beb7320d  rxvt-2.6.0-2.src.rpm
f6b51e57e68c9f1e32dd58ef45c76797  screen-3.7.6-9.src.rpm

These packages are also PGP signed by Red Hat Inc. for security.  Our
key is available at:


10. References:

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It will
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key