Skip to navigation

Security Advisory Low: busybox security update

Advisory: RHSA-2007:0244-9
Type: Security Advisory
Severity: Low
Issued on: 2007-05-01
Last updated on: 2007-05-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-1058

Details

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file.
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
busybox-1.00.rc1-7.el4.src.rpm
File outdated by:  RHBA-2007:0623
    MD5: ea2688de7955de4405bfc008b05378c3
 
IA-32:
busybox-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: 0c75c06c661fa74ae832fcc4a7153ab8
busybox-anaconda-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: daf7431daa3182f804f1b894dadab07f
 
x86_64:
busybox-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: e5a89cfec326d1a3ad4b20c0c2c491b6
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: b43c019639dff4050734fb850aecdd1e
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
busybox-1.00.rc1-7.el4.src.rpm
File outdated by:  RHBA-2007:0623
    MD5: ea2688de7955de4405bfc008b05378c3
 
IA-32:
busybox-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: 0c75c06c661fa74ae832fcc4a7153ab8
busybox-anaconda-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: daf7431daa3182f804f1b894dadab07f
 
IA-64:
busybox-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 18a46f64c36e642650a9ebb363b54b0e
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 3b590129989305b1c24a1de53c7ae08d
 
PPC:
busybox-1.00.rc1-7.el4.ppc.rpm
File outdated by:  RHBA-2007:0623
    MD5: fc6013011a2d944a442901c8a0de1400
busybox-anaconda-1.00.rc1-7.el4.ppc.rpm
File outdated by:  RHBA-2007:0623
    MD5: db566bb18a8f8e94867a72ca6b0fcffe
 
s390:
busybox-1.00.rc1-7.el4.s390.rpm
File outdated by:  RHBA-2007:0623
    MD5: 11d4fee314ba2cd27668ac83c3578d60
busybox-anaconda-1.00.rc1-7.el4.s390.rpm
File outdated by:  RHBA-2007:0623
    MD5: 512b3cebe22667f0302529ab275f385e
 
s390x:
busybox-1.00.rc1-7.el4.s390x.rpm
File outdated by:  RHBA-2007:0623
    MD5: 411da7f089bd7137bc8e87e16433873b
busybox-anaconda-1.00.rc1-7.el4.s390x.rpm
File outdated by:  RHBA-2007:0623
    MD5: 955f8e60ee02fbf5006990ed3ce8320c
 
x86_64:
busybox-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: e5a89cfec326d1a3ad4b20c0c2c491b6
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: b43c019639dff4050734fb850aecdd1e
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
busybox-1.00.rc1-7.el4.src.rpm
File outdated by:  RHBA-2007:0623
    MD5: ea2688de7955de4405bfc008b05378c3
 
IA-32:
busybox-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: 0c75c06c661fa74ae832fcc4a7153ab8
busybox-anaconda-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: daf7431daa3182f804f1b894dadab07f
 
IA-64:
busybox-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 18a46f64c36e642650a9ebb363b54b0e
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 3b590129989305b1c24a1de53c7ae08d
 
x86_64:
busybox-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: e5a89cfec326d1a3ad4b20c0c2c491b6
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: b43c019639dff4050734fb850aecdd1e
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
busybox-1.00.rc1-7.el4.src.rpm
File outdated by:  RHBA-2007:0623
    MD5: ea2688de7955de4405bfc008b05378c3
 
IA-32:
busybox-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: 0c75c06c661fa74ae832fcc4a7153ab8
busybox-anaconda-1.00.rc1-7.el4.i386.rpm
File outdated by:  RHBA-2007:0623
    MD5: daf7431daa3182f804f1b894dadab07f
 
IA-64:
busybox-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 18a46f64c36e642650a9ebb363b54b0e
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm
File outdated by:  RHBA-2007:0623
    MD5: 3b590129989305b1c24a1de53c7ae08d
 
x86_64:
busybox-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: e5a89cfec326d1a3ad4b20c0c2c491b6
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm
File outdated by:  RHBA-2007:0623
    MD5: b43c019639dff4050734fb850aecdd1e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt


References


Keywords

passwd, password, salt


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/