From secure@conectiva.com.br Fri Oct 17 15:26:28 2003
From: Conectiva Updates
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org
Date: Fri, 17 Oct 2003 15:49:39 -0200
Subject: [CLA-2003:766] Conectiva Security Announcement - gdm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : gdm
SUMMARY   : Local denial of service vulnerabilities
DATE      : 2003-10-17 15:46:00
ID        : CLA-2003:766
RELEVANT
RELEASES  : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 GDM[1] is the Gnome display manager used for graphical logins.

 Jarno Gassenbauer found two local denial of service vulnerabilities in
 GDM, both fixed in versions 2.4.4.4 and 2.4.1.7 and in the packages
 released with this advisory:

 - GDM does not impose a size limit on its receive buffer (which is
   dynamically allocated). An attacker can exploit this vulnerability
   by sending an arbitrary number of bytes to GDM so that memory is
   exhausted and the kernel terminates the GDM process.

 - GDM neither controls the number of queries nor imposes a timeout
   when queried for commands (such as calls for the version string,
   authentication, etc.). An attacker can connect to gdm, send a
   command and never read the answer, thus causing gdm to fill its
   send buffer and stop accepting new, valid logins.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the names CAN-2003-0793 and CAN-2003-0794, respectively, to
 these issues.

SOLUTION
 It is recommended that all GDM users upgrade their packages.

 IMPORTANT: after the upgrade, the GDM service has to be restarted if
 it was being used. One way to do so is to run the following commands
 as root:

 # init 3

 This will take the system to text-mode login. After that, execute:

 # init 5

 to take the system back to graphic-mode login.

 REFERENCES
 1. http://www.5z.com/jirka/gdm.html
 2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0793
 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0794

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/gdm-2.2.5.4-3U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/gdm-2.2.5.4-3U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/gdm-2.4.1.6-27238U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/gdm-2.4.1.6-27238U90_2cl.src.rpm

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/kCux42jd0JmAcZARArP1AKDpzPEo4wMFixo2gYsbvMlXvJmg9ACfe0zo
LtoqK+QK1GOYw2duUX2ly1k=
=Stdc
-----END PGP SIGNATURE-----
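
The two weaknesses in the DESCRIPTION section (an unbounded receive buffer and replies written to a peer that never reads) can be illustrated with the defensive pattern below. This is an added example, not GDM source code and not the patch shipped with this advisory. The function names, the newline-terminated command framing, and the MAX_CMD and IO_TIMEOUT_MS values are assumptions made for illustration.

```c
/* Added example, not GDM source: bounded, time-limited command socket I/O. */
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>

#define MAX_CMD 4096        /* assumed cap on one command, in bytes */
#define IO_TIMEOUT_MS 2000  /* assumed limit on each wait for the peer */

enum { ERR_TIMEOUT = -1, ERR_TOOLONG = -2, ERR_CLOSED = -3 };

/* Wait until fd is ready for `events`: 1 = ready, 0 = timed out or failed. */
static int wait_fd(int fd, short events, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = events };
    int r;
    do { r = poll(&p, 1, timeout_ms); } while (r < 0 && errno == EINTR);
    return r > 0;
}

/* Read one newline-terminated command into a fixed buffer of `cap` bytes.
 * Returns its length (newline stripped) or ERR_*; on error, close fd. */
int read_command(int fd, char *buf, size_t cap, int timeout_ms) {
    size_t n = 0;
    if (cap == 0) return ERR_TOOLONG;
    for (;;) {
        char c;
        if (!wait_fd(fd, POLLIN, timeout_ms)) return ERR_TIMEOUT;
        ssize_t r = recv(fd, &c, 1, 0);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return ERR_CLOSED;
        if (c == '\n') { buf[n] = '\0'; return (int)n; }
        if (n + 1 >= cap) return ERR_TOOLONG;  /* never grow the buffer */
        buf[n++] = c;
    }
}

/* Send a reply without ever blocking on a peer that stopped reading.
 * Returns 0 when all bytes are queued, else ERR_*; on error, close fd. */
int send_reply(int fd, const char *msg, size_t len, int timeout_ms) {
    while (len > 0) {
        if (!wait_fd(fd, POLLOUT, timeout_ms)) return ERR_TIMEOUT;
        ssize_t w = send(fd, msg, len, MSG_DONTWAIT | MSG_NOSIGNAL);
        if (w < 0 && (errno == EINTR || errno == EAGAIN)) continue;
        if (w < 0) return ERR_CLOSED;
        msg += w;
        len -= (size_t)w;
    }
    return 0;
}
```

The timeout here applies to each wait, not to the whole command; a server would normally pair it with an overall per-connection deadline and a cap on simultaneous connections.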