Re: query regarding CAN-2001-0923

On Fri, Oct 08, 2004 at 03:48:41AM +0530, Santosh Eraniose wrote:
> Hi,
> 
> I have come across this advisory, CAN-2001-0923, but am unable to see
> any updates related to it on the Redhat site. I have seen some updates from
> Connectiva, but have been unable to download, as the file seems to be 
> removed.
> I have checked the archives of Oct 2001-Jan 2002, but have seen no 
> discussion on this mailing list.
> 
> It would be helpful, if you are aware of updates to this issue if any.
> 
> Details are from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0923
> Name 	CAN-2001-0923 (under review)
> Description RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to
> execute arbitrary code via corrupted data in the RPM file when the file is
> queried

The exploit was twisting a value causing heap corruption leading
to a setuid shell because of an rpm -q against a malicious package.

The problem was fixed in July or August 2002.

The CAN report should say rpm-4.0 and rpm-4.0.2 only, there was no
rpm-4.0.1 release.

FWIW, rpm-4.1-1 was known to be immune to all single byte damage
to a header, tested by exhaustively changing every byte to every possible
value and looking for a segfault.

In addition, rpm-4.1 and later have sha1 digest and signature checks on
all header read paths -- when correctly configured and used --
which should be at least mildly reassuring.

73 de Jeff

-- 
Jeff Johnson	ARS N3NPQ
jbj@xxxxxxxxxx (jbj@xxxxxxx)
Chapel Hill, NC

_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
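
The exhaustive single-byte test described in the reply above, sketched as an added example that is not part of the original message and is not rpm code. The header layout, `parse_header` and `exhaustive_single_byte` are assumptions made up for illustration; instead of waiting for a segfault, the harness checks that every accepted parse keeps its fields inside the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy header (NOT rpm's real format):
 * [count:1][index: count x {offset:1, len:1}][data store ...] */
static const uint8_t SAMPLE[] = { 2,  0, 4,  4, 3,  'n','a','m','e','1','.','0' };

typedef struct { const uint8_t *p; size_t len; } field;

/* Returns the number of fields parsed, or -1 if the header is malformed. */
int parse_header(const uint8_t *buf, size_t n, field *out, size_t max) {
    if (n < 1) return -1;
    size_t count = buf[0];
    size_t index_end = 1 + count * 2;
    if (count > max || index_end > n) return -1;
    size_t store = n - index_end;              /* bytes left for field data */
    for (size_t i = 0; i < count; i++) {
        size_t off = buf[1 + 2 * i], len = buf[2 + 2 * i];
        if (off > store || len > store - off) return -1; /* bounds check without overflow */
        out[i].p = buf + index_end + off;
        out[i].len = len;
    }
    return (int)count;
}

/* Set every byte to every value; return how many accepted parses
 * produced a field that reaches outside the buffer (0 is the goal). */
long exhaustive_single_byte(long *accepted, long *rejected) {
    uint8_t buf[sizeof SAMPLE];
    field f[8];
    long bad = 0;
    *accepted = *rejected = 0;
    for (size_t pos = 0; pos < sizeof SAMPLE; pos++)
        for (int v = 0; v < 256; v++) {
            memcpy(buf, SAMPLE, sizeof buf);
            buf[pos] = (uint8_t)v;
            int n = parse_header(buf, sizeof buf, f, 8);
            if (n < 0) { (*rejected)++; continue; }
            (*accepted)++;
            for (int i = 0; i < n; i++)
                if (f[i].p < buf || f[i].p + f[i].len > buf + sizeof buf) bad++;
        }
    return bad;
}

int main(void) {
    long a, r, bad = exhaustive_single_byte(&a, &r);
    printf("accepted=%ld rejected=%ld out-of-bounds=%ld\n", a, r, bad);
    return bad != 0;
}
```

Running the same loop against a real parser under a memory checker such as AddressSanitizer also catches reads the explicit range check would miss.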
