Bugtraq mailing list archives

Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn

From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Wed, 18 Aug 1999 14:55:23 +0200


Florian Weimer <fw () S NETIC DE> writes:

Aleph One <aleph1 () UNDERGROUND ORG> writes:

We have received reports that the version of xmonisdn as distributed
in the isndutils package from Debian GNU/Linux 2.1 has a security
problem.

Note that other Linux distributions may be affected as well.
The makefile that comes with the (rather outdated) isdn4kutils betas
and that was in the isdn4linux CVS tree installed xmonisdn setuid root,
too (until Paul Slootman committed a fix at the beginning of August).


For mandrake (should work also on a RH6) we have already send a update :

--=-=-=
August, 17 1999 SECURITY UPDATE: isdn4utils

xmonisdn as distributed in the isndutils package from Mandrake 6.0 has a
security problem. Upgrade to:

4109ff6f46614bfba6eb5b41651eea56 isdn4k-utils-3.0-4mdk.i586.rpm
90a263b047adbb52b937546c5571c780 isdn4k-utils-3.0-4mdk.src.rpm

from http://www.linux-mandrake.com/en/fupdates.php3

--=-=-=


--
MandrakeSoft          http://www.mandrakesoft.com/
                                         --Chmouel

Current thread:

Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn Florian Weimer (Aug 17)
- <Possible follow-ups>
- Re: [SECURITY] new version isdnutils fixes exploitable xmonisdn Chmouel Boudjnah (Aug 18)