• info
• discussion
• exploit
• solution
• references

Multiple Vendor dump Insecure Environment Variables Vulnerability

Solution:
Patches available:


RedHat dump 0.4 b15-1

• Red Hat Inc. 5.2 alpha dump-0.4b19-5.5x.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/dump-0.4b19-5.5x.alpha.rpm


• Red Hat Inc. 5.2 alpha dump-static-0.4b19-5.5x.alpha.rpm
  http://www.securityfocus.com/external/ftp://updates.redhat.com/5.2/alp ha/dump-static-0.4b19-5.5x.alpha.rpm


• Red Hat Inc. 5.2 alpha rmt-0.4b19-5.5x.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/rmt-0.4b19-5.5x.alpha


• Red Hat Inc. 5.2 i386 dump-0.4b19-5.5x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/dump-0.4b19-5.5x.i386.rpm


• Red Hat Inc. 5.2 i386 dump-static-0.4b19-5.5x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/dump-static-0.4b19-5.5x.i386.rpm


• Red Hat Inc. 5.2 i386 rmt-0.4b19-5.5x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/rmt-0.4b19-5.5x.i386.rpm


• Red Hat Inc. 5.2 source dump-0.4b19-5.5x.src.rpm
  ftp://updates.redhat.com/5.2/SRPMS/dump-0.4b19-5.5x.src.rpm


• Red Hat Inc. 5.2 sparc dump-0.4b19-5.5x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/dump-0.4b19-5.5x.sparc.rpm


• Red Hat Inc. 5.2 sparc dump-static-0.4b19-5.5x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/dump-static-0.4b19-5.5x.sparc.rpm


• Red Hat Inc. 5.2 sparc rmt-0.4b19-5.5x.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/rmt-0.4b19-5.5x.sparc.rpm


• Red Hat Inc. 6.2 alpha dump-0.4b19-5.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/dump-0.4b19-5.6x.alpha.rpm


• Red Hat Inc. 6.2 alpha dump-static-0.4b19-5.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/dump-static-0.4b19-5.6x.alpha.rpm


• Red Hat Inc. 6.2 alpha rmt-0.4b19-5.6x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/rmt-0.4b19-5.6x.alpha.rpm


• Red Hat Inc. 6.2 i386 dump-0.4b19-5.6x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/dump-0.4b19-5.6x.i386.rpm


• Red Hat Inc. 6.2 i386 dump-static-0.4b19-5.6x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/dump-static-0.4b19-5.6x.i386.rpm


• Red Hat Inc. 6.2 i386 rmt-0.4b19-5.6x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/rmt-0.4b19-5.6x.i386.rpm


• Red Hat Inc. 6.2 source dump-0.4b19-5.6x.src.rpm
  ftp://updates.redhat.com/6.2/SRPMS/dump-0.4b19-5.6x.src.rpm


• Red Hat Inc. 6.2 sparc dump-0.4b19-5.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/dump-0.4b19-5.6x.sparc.rpm


• Red Hat Inc. 6.2 sparc dump-static-0.4b19-5.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/dump-static-0.4b19-5.6x.sparc.rpm


• Red Hat Inc. 6.2 sparc rmt-0.4b19-5.6x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/rmt-0.4b19-5.6x.sparc.rpm

NetBSD NetBSD 1.5

• NetBSD SA2001-014-dump-1.5.patch
  ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-014-dump-1.5.p atch

NetBSD NetBSD 1.5.1

• NetBSD SA2001-014-dump-1.5.patch
  ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-014-dump-1.5.p atch

Wirex Immunix OS 6.2

• Wirex 6.2 i386 dump-0.4b19-5.6x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/dump-0.4b19-5.6x_StackGu ard.i386.rpm


• WireX 6.2 i386 dump-static-0.4b19-5.6x_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/dump-static-0.4b19-5.6x_ StackGuard.i386.rpm