Debian Security Advisory
DSA-137-1 mm -- insecure temporary files
- Date reported:
- 30 Jul 2002
- Affected packages:
- mm
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 5352.
In Mitre's CVE dictionary: CVE-2002-0658.
- More information:
-
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. The problem can be exploited to gain root access to a machine running Apache linked against this library, if shell access to the user "www-data" is already available (which could easily happen through PHP).
The problem has been fixed in upstream version 1.2.0 of mm, which will be uploaded to Debian's unstable distribution while this advisory is released. Fixed packages for potato (Debian 2.2) and woody (Debian 3.0) are linked below.
We recommend that you upgrade your libmm packages immediately and restart your Apache server.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11-1.2.dsc
- http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11-1.2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_arm.deb
- Intel ia32:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_i386.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_m68k.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_m68k.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_powerpc.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3-6.1.dsc
- http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3-6.1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_alpha.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_arm.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_arm.deb
- Intel ia32:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_i386.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_i386.deb
- Intel ia64:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_ia64.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_ia64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_hppa.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_m68k.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mips.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_powerpc.deb
- IBM S/390 architecture:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_s390.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_sparc.deb
- http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.