COMMAND
/bin/login
SYSTEMS AFFECTED
Red Hat 4.0
PROBLEM
There is a buffer overrun in /bin/login which has the potential to
allow any user of your system to gain root access.
util-linux-2.5-29 contains a fix for this and is available for
Red Hat Linux 4.0 on all four platforms. Red Hat strongly
recommend that all of Red Hat 4.0 usres apply this fix. This
information was brought to public thanks to Erik Troan.
SOLUTION
Users of Red Hat Linux versions earlier then 4.0 should upgrade
to 4.0 and then apply all available security pacakges.
Users whose computers have direct internet connections may apply
this update by using one of the following commands:
Intel:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm
Alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm
All of these packages have been signed with Red Hat's PGP key.