Advisories:rPSA-2008-0318
From rPath Wiki
rPath Security Advisory 2008-0318-2
Published: 2008-11-12
Updated
- 2008-11-13 corrected path to rapa-console program
Products
- rPath Appliance Platform Linux Service 1
- rPath Appliance Platform Linux Service 2
- rPath Linux 1
- rPath Linux 2
Rating
- Major
Exposure Level Classification
- Local Root Deterministic Denial of Service
Updated Versions
- initscripts=conary.rpath.com@rpl:1/8.12-8.22-1
- initscripts=conary.rpath.com@rpl:2/8.56.15-0.2-1
rPath Issue Tracking System
References
Description
- Previous versions of the initscripts package are vulnerable to a Denial
- of Service attack in which a local user may cause arbitrary files to
- be deleted at next boot time by creating symlinks under various /var
- subdirectories.
- A future release of rPath Appliance Platform Agent (rAPA)
- will contain a text-mode console that allows initial network
- configuration to be done from the text console when an appliance
- cannot be initially configured via DHCP. The initscripts package
- has been enhanced to support this text-mode console functionality.
- If the /usr/bin/rapa-console program (which will be available as part
- of the rapa-console package) is installed on the system, then it
- will be run on virtual console 1 instead of a standard shell login
- session. The login information used for this text-mode console is
- the rAPA user login information, not system user login information.
- 13 November 2008 Update: corrected path to rapa-console program
Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html