Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0490 -- Debian Security Advisory DSA 725-2
New ppxp packages fix local root exploit
5 July 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ppxp
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Impact: Root Compromise
Access: Existing Account
CVE Names: CAN-2005-0392
Ref: ESB-2005.0396
Original Bulletin: http://www.debian.org/security/2005/dsa-725
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 725-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 4th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : ppxp
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0392
Jens Steube discovered that ppxp, yet another PPP program, does not
release root privileges when opening potentially user supplied log
files. This can be tricked into opening a root shell.
For the old stable distribution (woody) this problem has been
fixed in version 0.2001080415-6woody1 (DSA 725-1).
For the stable distribution (sarge) this problem has been fixed in
version 0.2001080415-10sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 0.2001080415-11.
We recommend that you upgrade your ppxp package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.dsc
Size/MD5 checksum: 714 0e065407ae76d9ca2f9def7a1d8f92af
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.diff.gz
Size/MD5 checksum: 8957 ed343f25afa1ade81217f8b315d25e96
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
Size/MD5 checksum: 426444 35dc6007ee4eafa9685f5e1e695a1464
Alpha architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 273842 9ed2250a15a07b317cd277237e80f669
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 84818 f405c062f88ad812c57bbe7f5fcb8c26
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 63084 2214812bc3da14f06d992322ca9f15d2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 76728 7b2ff4bc2208e1a93f9d123c2c31cc4a
ARM architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 225104 f23ae008a1f1261a4b1f4c84afd35c71
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 66496 0410908c710d224b793b275d375cf76c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 57168 5dd01ecdcf92a83cd973de739c518e03
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 61732 72b35701c12b3046b23ca19db5506c75
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 222244 027926b5e5ac4cf6c4f22f0cd5890e84
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 64024 3c59e05e77e2530260734474cf0bb77c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 58142 56dc14c3039685d119b16c2b806d5fbd
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 61534 71d2ad92f1d77ad4d89ecd7de67219f6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 295426 a39f4b9d22a0a0b725bec69d606f1a81
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 81148 6b0399263e036d09b66806fb091524ef
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 66188 e4fe2c30e754e698f3eb6fe3eb8d9719
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 82972 efb913c2bf338a52637cc82c97327a88
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 243160 b3835adfae98f76b3efdfcd7853d0171
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69424 d80e5e19b63973e4f80c39ad3233e5a8
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 61478 ae640e45c9c4abdd037b085a32bdd03e
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69866 b68592ad39a9284257f5fc49de8cab1f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 213564 9a276b8aec26a867671523ff5035fdd2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 64214 bf06732df6fc3229f8965f59beca5101
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 58110 46bb2da34671c0d32d1f4d32dc770ec6
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 60158 f386258d996efae327a9fa8fca820a17
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 247092 6bba1ce186cf00882c3932c10d67cf02
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 69660 2598103571a690e4bf8f64ecada6b638
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 59014 18a76c0648817a537c8cfdfa5c3eb793
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 72436 9e9ae78c5c78f813fcc156aa7e0976be
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 248700 b5cae50b114d4464e7be8d930bee511c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 69060 ea5ad0c81234a8790da0103773071299
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 58806 d62f0899543feb9a7872c58f0ac7aa6b
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 71030 25c0ed8d3fa575c5d5ea7e48e6ba9fe9
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 238690 ee17a47c6002345e916a75f918e66a05
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 78560 324da53c0df2605a135b2225448f89bf
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 60854 8cd7b904a47136e15de1fa463dc2ab70
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 69402 0e414abed84d60126f0717581ad4fcc2
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 239410 6d706f726c18dc95123f38ce43ddcd6f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 110094 fa0fdb1e1f589f2aa7006a5fcd60cc91
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 61456 880664c6876b89393102ebcac7eed59f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 69660 096e956414ad270ec935502bed3479d8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 226238 9a230cf800ca7e5d0902e380f193c7d7
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 67016 d2c506f94eee2cb632d64b3a1d95df2d
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 57950 fd91ff4f6399226d70ba885c756d7e49
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 62376 680aca599e7d986519483354f4e61e85
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCyXqGW5ql+IAeqTIRAo3vAJ9k9kHE2sN9+58Y1sJpYoDj75HlywCfTiA5
UC+s+DKld5VPMSsfk1RjqI8=
=+cFn
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQsnHZCh9+71yA2DNAQLkfgP8CvezxbNJHOFx/BZDF5B/jguN5b4unKHX
LKyRAEhNGEaiDxm48KkX+auL4OYgza7CdHTQ0z75YpHJgRHShGqlw/2mQ6ZM1ap2
cXvqeY5rJ5CEja0pexXX/4MamdbfG7xxMeAptR6IdNjMrhAiY9oqidThFUrQdCIN
XUqV45+XvIY=
=NUaH
-----END PGP SIGNATURE-----