-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2006.0579 -- [UNIX/Linux][Debian]
               New shadow packages fix privilege escalation
                              14 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              shadow
Publisher:            Debian
Operating System:     Debian GNU/Linux 3.1
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Increased Privileges
Access:               Existing Account
CVE Names:            CVE-2006-2194

Original Bulletin:    http://www.debian.org/security/2006/dsa-1150

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running shadow check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1150-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 12th, 2006                       http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : shadow
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-2194
BugTraq ID     : 18849

A bug has been discovered in several packages that execute teh
setuid() system call without checking for sucess when trying to drop
privileges, which may fail with some PAM configurations.

For the stable distribution (sarge) this problem has been fixed in
version 4.0.3-31sarge8.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.17-2.

We recommend that you upgrade your passwd package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3-31sarge8.dsc
      Size/MD5 checksum:      839 41bfb3755b2ce8757503ddacdc16ce2e
    http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3-31sarge8.diff.gz
      Size/MD5 checksum:  1319891 37ff81fdb6257fd5fbf0dac750994a17
    http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3.orig.tar.gz
      Size/MD5 checksum:  1045704 b52dfb2e5e8d9a4a2aae0ca1b266c513

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_alpha.deb
      Size/MD5 checksum:   592990 fc32b98aaa86270b24ffcbcc628c6b53
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_alpha.deb
      Size/MD5 checksum:   693290 df12c75d0cb8a4ed74cf3d9b9a42b544

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_amd64.deb
      Size/MD5 checksum:   583790 a6fa0e91cff19cce477ffa2ef9c15a51
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_amd64.deb
      Size/MD5 checksum:   598818 bd00af826eb416d84a806d3b85aae20a

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_arm.deb
      Size/MD5 checksum:   573182 ff4ee5cfa0a41db6b0d3828b85791eb1
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_arm.deb
      Size/MD5 checksum:   524146 b3163af303b9325b8b3fbd17847d5510

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_i386.deb
      Size/MD5 checksum:   575962 da7d31edbc2ae8efa062efceb7412403
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_i386.deb
      Size/MD5 checksum:   528482 674bc0f5a55b5a9c089776946881912e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_ia64.deb
      Size/MD5 checksum:   602812 6d5bf5529766f141197e06526ad89e03
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_ia64.deb
      Size/MD5 checksum:   757510 ee72e952ae6a72ad1bb43926736fc524

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_hppa.deb
      Size/MD5 checksum:   583126 6a6fe662ce9b70b105445287f7de8350
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_hppa.deb
      Size/MD5 checksum:   573358 52982450016009a1d105026df2ed9476

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_m68k.deb
      Size/MD5 checksum:   571880 95318dd38be1768f37870ef76772d468
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_m68k.deb
      Size/MD5 checksum:   512466 84bb5dfc7a00b48331d16135659ce4b1

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_mips.deb
      Size/MD5 checksum:   588494 9fe712af58492605236207221ca86cbf
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_mips.deb
      Size/MD5 checksum:   656588 bcc61369a7b7d26c0f2deae3fcea169b

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_mipsel.deb
      Size/MD5 checksum:   587674 9d4ab58720cbeff9e77ca5e543092cfd
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_mipsel.deb
      Size/MD5 checksum:   654250 1ddb102ea0773af194c5ac4198d91b14

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_powerpc.deb
      Size/MD5 checksum:   583558 43a88fc71b1d49d0fa369008f683bf6a
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_powerpc.deb
      Size/MD5 checksum:   565848 cb039cc1d7d3b3b2197336b246a005a4

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_s390.deb
      Size/MD5 checksum:   583082 d2bc93a93d9c8d558e9928267ebcbf36
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_s390.deb
      Size/MD5 checksum:   578882 983719b3c73ce360585e49a38ba2f2e1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_sparc.deb
      Size/MD5 checksum:   575736 1d138fefdee9b5714f002ec0dd56b7f7
    http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_sparc.deb
      Size/MD5 checksum:   532128 96efe104eae8a228474a5d456c3b2907


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE3gbPW5ql+IAeqTIRArPYAJ9QDaWDHuyAKGFsNL/yD03gG+A8xgCfZqX3
mxXbCejE+IIPJ4zwU4GQyV8=
=sQR4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRN/L/ih9+71yA2DNAQKlbwP+P0JDvoXjgRQLjDHRRvZ7+SL38dCt6M6L
kpCYvHB1YjbMb5f8oldsb46uqjeggPhMlXrRED3KXaqLdT5vO04iHtkwO8ZhJv7r
Xwh62dOAbdBZGtN3XIoF0kx15JY0llc+G7Hq5KouTwb/RhCpWtuldWFwqt8CRhmo
2cCbYyCakG0=
=HplG
-----END PGP SIGNATURE-----