From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:100 - Updated rsh packages fix vulnerability
Message-Id: <E1DiIsP-0007U8-0f@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Tue, 14 Jun 2005 15:23:17 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: rsh
Advisory ID: MDKSA-2005:100
Date: June 14th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A vulnerability in the rcp protocol was discovered that allows a server
to instruct a client to write arbitrary files outside of the current
directory, which could potentially be a security concern if a user used
rcp to copy files from a malicious server.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
5e6f513e437cc9a5a619f323509ca58a 10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm
aec49c478c37577b6fd795bd9bb4ba67 10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm
259dcd458b33d1de12d172e876366165 10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
fd2d00b91971f0b137696c0ca256b94a amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm
81fffa62d628599cee1f7b590ae4c38e amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm
259dcd458b33d1de12d172e876366165 amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm
Mandrakelinux 10.1:
de740985b0e213128f8639e3af831b5e 10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm
ff6873ae461a9a12e6a2aeee30a80aa0 10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm
2a5d801cdedfa0b0b588d340b79c9473 10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
716ae1dc777924d462d9c502238bda9e x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm
23ea2409d82a32918e5e132d8e1fff90 x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm
2a5d801cdedfa0b0b588d340b79c9473 x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm
Mandrakelinux 10.2:
381a2b0e1418a14b618030f27ac445ea 10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm
d750e7ffcf28e7530e19a294ca9d6bc7 10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm
1b576319abe603cfaa12d8ee3e314b0d 10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
7d9fd388f7fefa1e454b9d938befcfdc x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm
decb83a56d54b9d6310f4e1f2aefe555 x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm
1b576319abe603cfaa12d8ee3e314b0d x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm
Corporate Server 2.1:
a63459af04b29923eff1606742eb9ce4 corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm
b655300455ec6bd0fb8c782cfbcbe281 corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm
c828642735f509a405e4582b9f6f3a29 corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
14219e4f9ada6336f7b26a86881942e2 x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm
c32ccf5751017c29817fdd485c489f4b x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm
c828642735f509a405e4582b9f6f3a29 x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm
Corporate 3.0:
b20aa1eb70c7bfc006c0c946601c9596 corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm
7ae577ac25ff29385f99516abd79baaf corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm
c6fac5847bb6c80b8c92a22750d1c438 corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
37a7576122ea4001257e11d034100c28 x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm
f7e9c14163f5a56b29fc2b17ae172bfb x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm
c6fac5847bb6c80b8c92a22750d1c438 x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCr0rEmqjQ0CJFipgRAstZAJ9nc3Feivcc7Sf8IK5iKJPb2B8WNgCgsBFc
D0N2xFQ36ZmCMiw2OQZqCvE=
=4e3/
-----END PGP SIGNATURE-----