Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Fedora » Lm_sensors denial of service FC4

Lm_sensors denial of service FC4

A bug was found in the pwmconfig tool which uses temporary files in an insecure manner. The pwconfig tool writes a configuration file which may be world readable for a short period of time. This file contains various information about the setup of lm_sensors on that machine. It could be modified within the short window to contain configuration data that would either render lm_sensors unusable or in the worst case even hang the machine resulting in a DoS. Fedora Core 4.

  • Vendor: Fedora
  • Vendor ID: FEDORA-2005-1053
  • Date: November 07, 2005


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1053
2005-11-07
---------------------------------------------------------------------

Product : Fedora Core 4
Name : lm_sensors
Version : 2.9.1
Release : 3.FC4.1
Summary : Hardware monitoring tools.
Description :
The lm_sensors package includes a collection of modules for general SMBus
access and hardware monitoring. NOTE: this requires special support which
is not in standard 2.2-vintage kernels.

---------------------------------------------------------------------
Update Information:

The lm_sensors package includes a collection of modules for
general SMBus access and hardware monitoring. NOTE: this
package requires special support which is not in standard
2.2-vintage kernels.

A bug was found in the pwmconfig tool which uses temporary
files in an insecure manner. The pwconfig tool writes a
configuration file which may be world readable for a short
period of time. This file contains various information about
the setup of lm_sensors on that machine. It could be
modified within the short window to contain configuration
data that would either render lm_sensors unusable or in the
worst case even hang the machine resulting in a DoS. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated
packages, which contain a patch which resolves this issue.
---------------------------------------------------------------------
* Thu Sep 1 2005 Phil Knirsch 2.9.1-3.FC4.1
- Fixed CAN-2005-2672 lm_sensors pwmconfig insecure temporary file usage
(#166673)
- Fixed missing optflags during build (#166910)

* Mon May 23 2005 Phil Knirsch 2.9.1-3
- Update to lm_sensors-2.9.1
- Fixed wrong/missing location variables for make user
- Fixed missing check for /etc/modprobe.conf in sensors-detect (#139245)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

01f14f40542a5dbd8a069c187da2a6cd SRPMS/lm_sensors-2.9.1-3.FC4.1.src.rpm
6edf4ba108f9a888f7606351a13b14d6 x86_64/lm_sensors-2.9.1-3.FC4.1.x86_64.rpm
a746776641693fcfd22d8b235c395d98 x86_64/lm_sensors-devel-2.9.1-3.FC4.1.x86_64.rpm
220e210a34405bd704d11becfb21e31a x86_64/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.x86_64.rpm
8a86673c482d82ced8a22048589523d5 x86_64/lm_sensors-2.9.1-3.FC4.1.i386.rpm
8a86673c482d82ced8a22048589523d5 i386/lm_sensors-2.9.1-3.FC4.1.i386.rpm
944ea0d8a3777920dd59945dd8461781 i386/lm_sensors-devel-2.9.1-3.FC4.1.i386.rpm
ca7be3d727275f938b32f42eaaf71435 i386/debug/lm_sensors-debuginfo-2.9.1-3.FC4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »