Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Immunix IMNX-2003-7+-010-01: Fileutils local root compromise

Immunix IMNX-2003-7+-010-01: Fileutils local root compromise

by Nikola Strahija on May 17th, 2003 A vulnerability has been found in Immunix OS 7.0 and 7+ which could lead to local root compromise if root renames or remove group- or world-writable directory trees.


-----------------------------------------------------------------------
Immunix Secured OS Security Advisory

Packages updated: fileutils
Affected products: Immunix OS 7.0, 7+
Bugs fixed: CAN-2002-0435
Date: Fri May 16 2003
Advisory ID: IMNX-2003-7+-010-01
Author: Seth Arnold
-----------------------------------------------------------------------

Description:
Wojciech Purczynski discovered filesystem race conditions in the GNU
fileutils suite, that allows for local root compromise if root renames
or removes group- or world-writable directory trees.

This release fixes this problem by comparing (dev, inode) pairs before
and after chdir("..") calls. If the pairs don't match, an error is
returned. Thanks to Jim Meyering for the patch.

Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/fileutils-4.0x-3_imnx_1.i386.rpm

A source package for Immunix 7+ is available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

Immunix OS 7+ md5sums:
14e6f08085ae88a6545d30c7428e30fd RPMS/fileutils-4.0x-3_imnx_1.i386.rpm
cb75eca0cd9832c317a89d2cf0871847 SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

GPG verification:
Our public key is available at http://wirex.com/security/GPG_KEY.

NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html

ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.

Contact information:
To report vulnerabilities, please contact [email protected] WireX
attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »