Network Security Audits / Vulnerability Assessments by SecuritySpace

English | Deutsch | Español

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-79
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 27 Jul 2005
Last revised: 27 Jul 2005

Package: netkit-combo

Summary: Directory Traversal Vulnerability

More information:
    Netkit-combo is a package collenction of Internet tools.
    Directory Traversal vulnerability exists in the rcp protocol of netkit-combo.

Impact:
    This vulnerability may allow attackers to create arbitrary files.

Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

Solution:
    Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server]
# turbopkg
or
# zabom -u biff finger ftp ntalk routed rsh rusers rwall rwho telnet timed writed

[other]
# turbopkg
or
# zabom update finger ftp routed rsh rusers rwall rwho telnet-client telnet-server timed writed
---------------------------------------------

<Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   netkit-combo-0.17-29.src.rpm
       789429 dae91b05311e5c3489eacac2f9d2ffa7

   Binary Packages
   Size: MD5

   finger-0.17-29.i586.rpm
        16907 65ab85178534efa8558ed65f494860d3
   ftp-0.17-29.i586.rpm
        48079 3a11a3555c62307b4f8e895bc6562aa7
   rsh-0.17-29.i586.rpm
        58273 12291eaafd99966925e1da5eb9a0f940
   telnet-0.17-29.i586.rpm
        69859 52f7ca7a88e000f8db1b9b0198624d7e

<Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   netkit-combo-0.17-29.src.rpm
       789429 fc46982abb3704f12dc4cc950e9d2396

   Binary Packages
   Size: MD5

   finger-0.17-29.i586.rpm
        17090 306da743f0d5da97b8e7a9b4c52d3731
   ftp-0.17-29.i586.rpm
        48265 8854811be483de4217f24e4208192de0
   rsh-0.17-29.i586.rpm
        58436 db0b370ccf82ddc5fb8ee3e8a8ad72ff
   telnet-0.17-29.i586.rpm
        70054 6a763cf391428a65b47672b64a07697f

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/netkit-combo-0.17-29.src.rpm
       789429 23455be4ed9c46b8b08db05f5b30923f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/finger-0.17-29.i586.rpm
        17697 0b74402041be9aeef8f816b4471eb431
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/ftp-0.17-29.i586.rpm
        49418 1a2bce5a38bbfb19e8a92634589fdba4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/routed-0.17-29.i586.rpm
        29716 cc0bb993e98949b43290ad8d93aa8d47
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/rsh-0.17-29.i586.rpm
        59153 ae08523e426199aa9d9d472e2164299c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/rusers-0.17-29.i586.rpm
        23314 a734142b8e77db3073d061cb032b0d9d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/rwall-0.17-29.i586.rpm
        15765 3bb16c72b51c61b5f7f2f6cdc6b4b4c0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/rwho-0.17-29.i586.rpm
        22312 83ad3d4e076dd9fbf0127eca50949ef5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/telnet-client-0.17-29.i586.rpm
        48824 1dd381c4b73748800b0c2bfb833eb399
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/telnet-server-0.17-29.i586.rpm
        29073 54e6db6ef75689316f63f63a1fdfd184
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/timed-0.17-29.i586.rpm
        36720 2d912bc0d670258db70dd0a16811f3a3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/writed-0.17-29.i586.rpm
         9925 9f92914dcef1d862759d3e0e4e685d94

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netkit-combo-0.17-29.src.rpm
       789429 e3f00eb78974bf69581156bb2c0581ae

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/biff-0.17-29.i586.rpm
        14790 70f93a7e9b7a2a4a45e3f35b7cd7b9dd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/finger-0.17-29.i586.rpm
        17091 05d392ff6a93b99729bf8a633b408102
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ftp-0.17-29.i586.rpm
        48246 0dbe521dd5b56bbcd7adfd7307f77e63
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ntalk-0.17-29.i586.rpm
        25994 856b0ade6f1975b98f5e8115c52c74a3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/routed-0.17-29.i586.rpm
        28996 83c9e18e14733993dbfd88d5d85a823a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rsh-0.17-29.i586.rpm
        58447 ed16790360c31c279e730bc73a16b0b3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rusers-0.17-29.i586.rpm
        23589 3865a3bba4c39abbee83112ad8a1a0af
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rwall-0.17-29.i586.rpm
        15196 f1aef50d63ad580b4684eec4756677e0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rwho-0.17-29.i586.rpm
        21808 31b3844036c8a75c47fc3beddea389d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/telnet-0.17-29.i586.rpm
        70107 957cc47f2f9a9c704c60adfb3b3a439d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/timed-0.17-29.i586.rpm
        36258 85d465b1968602c8e3fc211b7bcc41c3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/writed-0.17-29.i586.rpm
         9424 eef2dfbd6b3fa2b9bb5a7006886e024c

<Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netkit-combo-0.17-29.src.rpm
       789429 e1adc7d00c6fe1c97067ac13da87ef70

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/biff-0.17-29.i586.rpm
        14783 c17e2c9f00bf5c8ebecaa89055c9c94f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/finger-0.17-29.i586.rpm
        17097 c9e1996b06f08ecb826b07c3e7b9cfa7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ftp-0.17-29.i586.rpm
        48270 3b13e5c6b7367a3483392cd69397bb91
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ntalk-0.17-29.i586.rpm
        25988 04f18b20b0539bcea8c921e8c434f917
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/routed-0.17-29.i586.rpm
        29021 14f8a8bbae61154abf2c22f80b4728e4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rsh-0.17-29.i586.rpm
        58418 edb82abea99d41aef9021fed2959d660
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rusers-0.17-29.i586.rpm
        23574 ae3335e2c61cd691a46e2ebc3e94dad1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rwall-0.17-29.i586.rpm
        15201 71e7d0bce641ddf1f82a2e341d3648de
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rwho-0.17-29.i586.rpm
        21814 c30bf36b9ba11a02503e124ec67c6d78
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/telnet-0.17-29.i586.rpm
        70064 88bfc7050f547e85e34c2306a51ca08f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/timed-0.17-29.i586.rpm
        36292 e3d28ac5ba17c2ff3f01884454368f51
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/writed-0.17-29.i586.rpm
         9440 5b12a631094b5dff171d848d0679f842

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netkit-combo-0.17-29.src.rpm
       789429 dc7cb3f2fc9cb3b052d4558960991ddf

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/biff-0.17-29.i586.rpm
        14773 269cfb244ace407bb0937fad45bbafa7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/finger-0.17-29.i586.rpm
        17194 e7ea6818fa73f187cdd5fd9bf280c1f0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ftp-0.17-29.i586.rpm
        47001 986dc8c63574c28cedad19a5683b5508
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ntalk-0.17-29.i586.rpm
        25767 0c7eb9537999956e428a44188b355682
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/routed-0.17-29.i586.rpm
        28372 8f36224416f730edfd47bd2dd71bfcec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rsh-0.17-29.i586.rpm
        57932 10e0cba98f75fc05a975835252feaf67
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rusers-0.17-29.i586.rpm
        23237 295e213984f9695e432e6f7dd0446df4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rwall-0.17-29.i586.rpm
        15228 addcd5cc7614b9c7e7d7069f993fa927
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rwho-0.17-29.i586.rpm
        21882 58fe989d7f7b26029c6048b0e9a5a6ad
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/telnet-0.17-29.i586.rpm
        67983 0f09dd2080596eb5084188542a634ab5
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/tftp-0.17-29.i586.rpm
        23105 3acdfbf2ed1bd7c2c79ace63d22d41fc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/timed-0.17-29.i586.rpm
        35276 e8a45d9b0f74b7a77fd2666ac98a8548
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/writed-0.17-29.i586.rpm
         9372 ff67cfb70d58714ef44021a65c9a2b1c

<Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netkit-combo-0.17-29.src.rpm
       789429 e6b1bcf92de14c04f4ab426aaffef625

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/biff-0.17-29.i586.rpm
        14779 33bd7302ada20ac5ab1aa74bfd9a3201
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/bootparamd-0.17-29.i586.rpm
        15803 e6d3480116a73e76bac6d19c4679615c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/finger-0.17-29.i586.rpm
        17197 ea0245e5a1015b685060e9d60018c7ec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ftp-0.17-29.i586.rpm
        47042 21bd2fd0b2450694bb1db6c341fa8fa4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ntalk-0.17-29.i586.rpm
        25800 b95045c27e341ef5a5c04b7a7e9beb9e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/routed-0.17-29.i586.rpm
        28384 1a904d305265bfd4921e72ac1fcbca1f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rsh-0.17-29.i586.rpm
        57954 e8d27317a9e3e87e25f23a6c1947889d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rusers-0.17-29.i586.rpm
        23202 1126a1864726d3013ec487fc54535265
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rwall-0.17-29.i586.rpm
        15234 6ba96956f9b28764daa7e50596b6cbba
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rwho-0.17-29.i586.rpm
        21862 c0c25443138f130483ae769d2c3ac6e8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/telnet-0.17-29.i586.rpm
        67885 8877a69cd4a7ddfb2202915a5401f451
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/tftp-0.17-29.i586.rpm
        23125 3713262a403d1fc8b81a237938744f2c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/timed-0.17-29.i586.rpm
        35327 4fb5fec60da14afbba4d093f91e68015
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/writed-0.17-29.i586.rpm
         9369 27bfc74cc47d061ec729d5ceb9a9866f

References:

CVE
   [CAN-2004-0175]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175

--------------------------------------------------------------------------
Revision History
    27 Jul 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC5v/3K0LzjOqIJMwRApHdAJ470Lj2bSOqeed35ppJaH0Qv3KnSQCgvnX/
HOD4iNRPjmM57rnLuBxmDCY=
=nkAQ
-----END PGP SIGNATURE-----

© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.