aru Posted March 14, 2003 Report Share Posted March 14, 2003 MandrakeSoft Security Advisory MDKSA-2003:031-1 : usermode March 14th, 2003 Updated usermode packages remove insecure shutdown command The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion. Update: The previous updated packages did not properly fix the problem. The pam files that allow a (physically) local user to shutdown were not removed. This has been corrected. The released versions of Mandrake GNU/Linux affected are: 8.1 [*] 8.1/IA64 [*] 8.2 [*] 8.2/PPC [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 All the information about this advisory is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:031-1 This stuff was posted automatically by aru [edit]Changed title to avoid confusions[/edit] Quote Link to comment Share on other sites More sharing options...
aru Posted March 14, 2003 Author Report Share Posted March 14, 2003 Well, ..., I'm the best 8) I did already posted that solution at: http://www.mandrakeusers.org/viewtopic.php?t=3610 Just my pathetic minute of glory :mrgreen: Quote Link to comment Share on other sites More sharing options...
Guest ndeb Posted March 15, 2003 Report Share Posted March 15, 2003 The updates for mandrake-9.0 are in ftp://mirrors.secsup.org/pub/linux/mandra...pdates/9.0/RPMS even though the advisory does not list the rpms for mandrake-9.0 yet (which is strange because this bogus bug-fix was discovered on a mandrake-9.0 system). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.