COMMAND

    doesmu & libtermcap

SYSTEMS AFFECTED

    RedHat 4.2, 5.0, 5.1

PROBLEM

    Security problems have been found in dosemu and libtermcap.  These
    security problems allow  users on your  local system to  gain root
    access, and should be fixed as soon as possible.

SOLUTION

    Patches for Red Hat 5.0 and 5.1:

        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/dosemu-0.66.7-7.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/libtermcap-2.0.8-9.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/libtermcap-2.0.8-9.alpha.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.0/sparc/libtermcap-2.0.8-9.sparc.rpm

    Patches for Red Hat 4.2:

        rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/dosemu-0.66.7-0.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/libtermcap-2.0.8-4.1.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/libtermcap-2.0.8-4.1.alpha.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/libtermcap-2.0.8-4.1.sparc.rpm

    Beware the fix to libtermcap.  Sure, it closes the root hole,  but
    it  also  keeps  users  from   running  most  programs  that   use
    libtermcap.  The patch includes

        if(setfsuid(getuid()))
               return NULL;

    The setfsuid(getuid())  will always  succeed (so  the test  is not
    necessary), but it  returns the previous  fsuid on success.   That
    will only be  0 when the  program is setuid-root  or being run  by
    root, so for most programs run  by normal users, the call to  open
    the termcap file fails.  Change the patch to just be

        setfsuid(getuid());

    and it will work fine.  The same goes for the setfsgid() call.