xinetd update -- Immunix OS 7.0

From: security@wirex.com
Date: Wed Jun 13 2001 - 02:00:42 CEST

  • Next message: secure@conectiva.com.br: "[CLA-2001:404] Conectiva Linux Security Announcement - xinetd"

    -----------------------------------------------------------------------
            Immunix OS Security Advisory

    Packages updated: xinetd
    Affected products: Immunix OS 7.0-beta and 7.0
    Bugs fixed: immunix/1614
    Date: Mon Jun 11 2001
    Advisory ID: IMNX-2001-70-024-01
    Author: Seth Arnold <sarnold@wirex.com>
    -----------------------------------------------------------------------

    Description:
      xinetd in the base Immunix OS 7.0 initially set its umask value to 0.
      This allows any services started via xinetd to create files that are
      world-writable unless the service changes its umask before creating
      files or specifies file modes when creating files. There is also a
      buffer overflow; StackGuard prevents this from being used to gain
      privileges, though an attacker could remotely kill the xinetd daemon.

      The default configuration of Immunix OS 7.0 has only wu-ftpd enabled;
      wu-ftpd appears to be careful when creating files to set the modes
      more restrictively, though we have not conducted an extensive audit.
      Users who have enabled other services may be at higher risk. A service
      known to be vulnerable is Samba's SWAT tool.

      Immunix OS 6.2 used inetd rather than xinetd and is not vulnerable.

      Everyone is encouraged to upgrade xinetd; those who have enabled other
      services or used identd logging should upgrade xinetd quickly and
      examine their systems for world-writable files.

      References: http://www.securityfocus.com/archive/1/189621
      http://www.securityfocus.com/archive/1/188847

      Thanks to Andrew Tridgell and zen-parse for finding these problems.

    Package names and locations:
      Precompiled binary packages for Immunix 7.0-beta and 7.0 are available at:
      http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/xinetd-2.1.8.9pre15-2_imnx.i386.rpm

      Source package for Immunix 7.0-beta and 7.0 is available at:
      http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/xinetd-2.1.8.9pre15-2_imnx.src.rpm

    md5sums of the packages:
      8841c6a1d15a063ca1bb16ba132e0f7d RPMS/xinetd-2.1.8.9pre15-2_imnx.i386.rpm
      da497d94349ab3d1b2e0713be4595875 SRPMS/xinetd-2.1.8.9pre15-2_imnx.src.rpm

    GPG verification:
      Our public key is available at <http://wirex.com/security/GPG_KEY>.
      *** NOTE *** This key is different from the one used in advisories
      IMNX-2001-70-020-01 and earlier.

    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/

    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/

    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/

    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html

    Contact information:
      To report vulnerabilities, please contact security@wirex.com. WireX
      attempts to conform to the RFP vulnerability disclosure protocol
      <http://www.wiretrip.net/rfp/policy.html>.





    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 18:51:52 CEST