Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2005 > Mandriva - Two Security Advisories

October 2005

Mandriva - Two Security Advisories

ID: 00959
Ref: 897/05
Date: 28 October 2005:15:25:04
Version: 1
Title: Mandriva - Two Security Advisories
Abstract: 1. Updated apache-mod_auth_shadow packages fix security restriction bypass issues [MDKSA-2005:200] , 2. Updated sudo packages fix vulnerability [MDKSA-2005:201]
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Two Security Advisories:
1. Updated apache-mod_auth_shadow packages fix security restriction bypass issues [MDKSA-2005:200]
2. Updated sudo packages fix vulnerability [MDKSA-2005:201]


Detail
======

Security advisory summaries:

1. The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with
AuthShadow enabled uses shadow authentication for all locations that
use the require group directive, even when other authentication
mechanisms are specified, which might allow remote authenticated users
to bypass security restrictions.

2. Tavis Ormandy discovered that sudo does not perform sufficient
environment cleaning; in particular the SHELLOPTS and PS4 variables are
still passed to the program running as an alternate user which can
result in the execution of arbitrary commands as the alternate user
when a bash script is executed.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:200
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache-mod_auth_shadow
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________

Problem Description:

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with
AuthShadow enabled uses shadow authentication for all locations that
use the require group directive, even when other authentication
mechanisms are specified, which might allow remote authenticated users
to bypass security restrictions.

This update requires an explicit "AuthShadow on" statement if website
authentication should be checked against /etc/shadow.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2963
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
528cdab76158def18a53ce798f06efbf 10.1/RPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.i586.rpm
670e7f53e4d7ec420cc0ce529a11a423 10.1/SRPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
43f45a988397a72e7a00485055f00ca1 x86_64/10.1/RPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.x86_64.rpm
670e7f53e4d7ec420cc0ce529a11a423 x86_64/10.1/SRPMS/apache2-mod_auth_shadow-2.0.50_2.0-3.2.101mdk.src.rpm

Mandriva Linux 10.2:
aa10a068cf7bc453cd8935b48afed141 10.2/RPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.i586.rpm
c7d15fcb80581c1169366d6ae56f9a1c 10.2/SRPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
caa1cb7195baf33a5ea8e07f31a84825 x86_64/10.2/RPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.x86_64.rpm
c7d15fcb80581c1169366d6ae56f9a1c x86_64/10.2/SRPMS/apache2-mod_auth_shadow-2.0.53_2.0-6.2.102mdk.src.rpm

Mandriva Linux 2006.0:
e720a14ca9e445ae9aca32a8bd077f59 2006.0/RPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.i586.rpm
29be94c1a29d1c1400d84781fe25fd2d 2006.0/SRPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
19778e61e14975aa3f749068d985cf34 x86_64/2006.0/RPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.x86_64.rpm
29be94c1a29d1c1400d84781fe25fd2d x86_64/2006.0/SRPMS/apache-mod_auth_shadow-2.0.54_2.0-4.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDYSF4mqjQ0CJFipgRApMhAJwOhHZTL6cM5QtWXwPx7b2UUm+QOwCfTUNS
vCWmnkfd7AbnuJXCDlTZMVk=
=791Z
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:201
http://www.mandriva.com/security/
_______________________________________________________________________

Package : sudo
Date : October 27, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Tavis Ormandy discovered that sudo does not perform sufficient
environment cleaning; in particular the SHELLOPTS and PS4 variables are
still passed to the program running as an alternate user which can
result in the execution of arbitrary commands as the alternate user
when a bash script is executed.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2959
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
f7a973c064788876a3927e23698165e7 corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.i586.rpm
9d41a3e0d779287d5d6defe3effeadb6 corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
11dee7cd0ef65739fbcb74eb4435abb7 x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.x86_64.rpm
9d41a3e0d779287d5d6defe3effeadb6 x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm

Mandriva Linux 10.1:
3ac90a3cd189ea0326d927370fdb250e 10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.i586.rpm
d0f1e39453c3efa42829959452b10f85 10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
e4522d2cc1241b549143cdfd384b1e84 x86_64/10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.x86_64.rpm
d0f1e39453c3efa42829959452b10f85 x86_64/10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm

Corporate 3.0:
7f961e981298b0e17db2206b0c173c94 corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.i586.rpm
541ec48ae7f199c9e02209552541c93a corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
0baca1e5dd528d9a0746812c3f70b6aa x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.x86_64.rpm
541ec48ae7f199c9e02209552541c93a x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
73f5119120b2f173d2a5b529bc4b94b1 mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.3.M20mdk.i586.rpm
6711bd6886115f5e5ec429eb739af719 mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.3.M20mdk.src.rpm

Mandriva Linux 10.2:
d1145addcb3d305aa1149baaad74bee4 10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.i586.rpm
7cfd46cb455cc00b091849726d4763f5 10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
9d59bab72f413dd21013add16252a48a x86_64/10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.x86_64.rpm
7cfd46cb455cc00b091849726d4763f5 x86_64/10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm

Mandriva Linux 2006.0:
bf2035af2ac556c3bcb013e80c4fbbd9 2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.i586.rpm
4c708ebf20c38db338e909e6e461888f 2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
569e58db33c0a58b0548e3ea699e86fa x86_64/2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.x86_64.rpm
4c708ebf20c38db338e909e6e461888f x86_64/2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDYSHOmqjQ0CJFipgRAhsFAKCvJg0ITGiwt0O/0MIrgel7XzsnWwCfWI6V
Gg3ko/2ajzrqIcE0Dz+QL0s=
=weOX
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |