Tmpwatch Arbitrary Command Execution Vulnerability

Solution:
Do not use the --fuser or -s options with tmpwatch.

Red Hat:

Red Hat has issued the following RPMs that contain fixes for this vulnerability.

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/tmpwatch-2.6.2-1.6.2.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/tmpwatch-2.6.2-1.6.2.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/tmpwatch-2.6.2-1.6.2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/tmpwatch-2.6.2-1.6.2.src.rpm

Red Hat Linux 7.0:

i386:
ftp://updates.redhat.com/7.0/i386/tmpwatch-2.6.2-1.7.i386.rpm

sources:
ftp://updates.redhat.com/7.0/SRPMS/tmpwatch-2.6.2-1.7.src.rpm

Immunix:

Immunix OS 6.2 (StackGuarded
versions of the RedHat packages.) They can be found at:

http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/tmpwatch-2.6.2-1.6.2_StackGuard.i386.rpm

or

http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/tmpwatch-2.6.2-1.6.2_StackGuard.src.rpm

Trustix:

All users of TSL should upgrade to the new rpm:
tmpwatch-2.6.2-1tr.i586.rpm (MD5sum: 3200b3812bfe6e87f326e240fed0686a)

This file can be found at:

http://www.trustix.net/download/Trustix/updates/1.1/RPMS/

or
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/



 

Privacy Statement
Copyright 2010, SecurityFocus