Originally Published: Tuesday, 4 July 2000 Author: Alexander Reelsen
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Red Hat Security Advisory - imwheel

Multiple local vulnerabilities exist in imwheel, a symlink problem and a possibility to kill the imwheel process. Red Hat recommends to deinstall imwheel.

   Page 1 of 1  

To: redhat-watch-list@redhat.com From: bugzilla@redhat.com Cc: linux-security@redhat.com, bugtraq@securityfocus.com Subject: [linux-security] [RHSA-2000:016-03] Multiple local imwheel vulnerabilities

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory

Synopsis: Multiple local imwheel vulnerabilities Advisory ID: RHSA-2000:016-03 Issue date: 2000-04-20 Updated on: 2000-07-03 Product: Red Hat Powertools Keywords: imwheel buffer imwheel-solo Cross references: N/A ---------------------------------------------------------------------

1. Topic:

Multiple vulnerabilities exist in imwheel.

2. Relevant releases/architectures:

Red Hat Powertools 6.1 - i386 alpha sparc Red Hat Powertools 6.2 - i386 alpha sparc

3. Problem description:

Multiple local vulnerabilities exist in imwheel.

* Read access violations where there is no checking of the file itself, it follows a symlink blindly.

* Perl wrapper might allow other users on the machine to kill the imwheel process.

4. Solution:

Because the core functionality of imwheel has been incorporated into many existing applications, removing imwheel will not incur a significant loss of functionality.

If the machine which has imwheel installed is not a single user machine we recommend removing imwheel. To remove imwheel run this command:

rpm -e imwheel

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):


6. RPMs required:


7. Verification:

MD5 sum Package Name -------------------------------------------------------------------------- N/A

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

8. References:


   Page 1 of 1