Published:
21 June 1999
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-1999.082 -- RHSA-1999:014-01
New dev, rxvt, screen packages for Red Hat Linux 6.0
22 June 1999
===========================================================================
Red Hat Software, Inc. has released the following advisory concerning a
vulnerability in dev, rxvt, and screen packages shipped with Red Hat Linux
6.0.
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: New dev, rxvt, screen packages for Red Hat Linux 6.0
Advisory ID: RHSA-1999:014-01
Issue date: 1999-06-15
Keywords: dev rxvt screen pts devpts tty
- ---------------------------------------------------------------------
1. Topic:
New dev, rxvt, and screen packages are available that fix a
security issue with the packages that originally shipped with
Red Hat Linux 6.0. Please read the 'Solution' section for
special action needed to complete this upgrade.
2. Bug IDs fixed:
2611 3025 3326
3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures
4. Obsoleted by:
5. Conflicts with:
6. RPMs required:
Intel: ftp://updates.redhat.com/6.0/i386/
dev-2.7.7-2.i386.rpm
rxvt-2.6.0-2.i386.rpm
screen-3.7.6-9.i386.rpm
Alpha: ftp://updates.redhat.com/6.0/alpha/
dev-2.7.7-2.alpha.rpm
rxvt-2.6.0-2.alpha.rpm
screen-3.7.6-9.alpha.rpm
Sparc: ftp://updates.redhat.com/6.0/sparc/
dev-2.7.7-2.sparc.rpm
rxvt-2.6.0-2.sparc.rpm
screen-3.7.6-9.sparc.rpm
7. Problem description:
The /dev/pts filesystem was mounted with options 'mode=0622'
in Red Hat Linux 6.0, instead of the correct 'gid=5,mode=0620'.
This could lead to users being able to write to affected ttys.
Additionally, once this was corrected, screen and rxvt would
still chmod the tty devices to potentially insecure modes.
8. Solution:
Upgrade to the latest errata releases of dev, screen and
rxvt for Red Hat Linux 6.0 on your particular platform.
While the post-install script for the dev package will add the
correct permissions for the /dev/pts file system in the
/etc/fstab file, you will have to manually unmount and
remount the /dev/pts file system with the following commands,
once the correct permissions have been set in the /etc/fstab file:
umount /dev/pts
mount /dev/pts
If you get the error message "umount: /dev/pts: device is busy"
when trying to unmount the filesystem, you will have to close
all connections using the filesystem, such as screen, xterm
(and other such X terminal programs), and some remote
connections.
9. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
34c8c9f6ae3bcb74e63fd67bb785b560 dev-2.7.7-2.i386.rpm
3f0ad6893bdbde6dc9c1a357e555a13b rxvt-2.6.0-2.i386.rpm
fc48d9c63ebe02b0fa1741f468f4ccea screen-3.7.6-9.i386.rpm
06777bc610b46490de200cd066c5687b dev-2.7.7-2.alpha.rpm
67bc34923cd2b2a4504fcb14ed735bf8 rxvt-2.6.0-2.alpha.rpm
f3c2f2c5867d3bca4a5751fcc8652105 screen-3.7.6-9.alpha.rpm
e43914909f7151ef525a6f4b9b1ad461 dev-2.7.7-2.sparc.rpm
fe677d3c7d188e204162d4694739639b rxvt-2.6.0-2.sparc.rpm
8e793294d01c9a8f7ded1c563cb0ab92 screen-3.7.6-9.sparc.rpm
b25e4de59a00270bb6acd85c8dc901ad dev-2.7.7-2.src.rpm
eed32f9b8d67c58d62989758beb7320d rxvt-2.6.0-2.src.rpm
f6b51e57e68c9f1e32dd58ef45c76797 screen-3.7.6-9.src.rpm
These packages are also PGP signed by Red Hat Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html
10. References:
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBN3jZZih9+71yA2DNAQENLwP+KO0T3Gttc5Vr6yjcyrFQ4OLOfZdjLSUA
TrFQqqZ//wfo1CNWHzISifBS1BLwzdXkSjfO5eJx1WwYzlxW+faZQ/m4bJoCBOAx
Ub5KCAaqy3Tq13iiOjuJh/gQBwq6+0pcUcVEIc8+7SOZAMqHx0X6BGEG2OzLx3G7
GyG/1vFqSU4=
=1bdk
-----END PGP SIGNATURE-----