Issued:
2007-05-01
Updated:
2007-05-01

RHSA-2007:0244 - Security Advisory

Synopsis

Low: busybox security update

Type/Severity

Security Advisory: Low

Topic

Updated busybox packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file.
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 187385 - CVE-2006-1058 BusyBox passwd command fails to generate password with salt

CVEs

References

Red Hat Enterprise Linux Server 4

SRPM
busybox-1.00.rc1-7.el4.src.rpm SHA-256: 63680983ba608001e32cb1e9608594042c7a60ef6a6aded81575721c288a5e30
x86_64
busybox-1.00.rc1-7.el4.x86_64.rpm SHA-256: f9a9a9bde97de52eb0541badf690c01ca965204d6cf5a3652506acc572e7027f
busybox-1.00.rc1-7.el4.x86_64.rpm SHA-256: f9a9a9bde97de52eb0541badf690c01ca965204d6cf5a3652506acc572e7027f
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm SHA-256: bf0a5803811796d9e25387740ec7622eef0473e1dc00fc7aa93dc6bc3cacfe58
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm SHA-256: bf0a5803811796d9e25387740ec7622eef0473e1dc00fc7aa93dc6bc3cacfe58
ia64
busybox-1.00.rc1-7.el4.ia64.rpm SHA-256: 2ebced3ac2a8853b62d62f20151e877bcbf472d555b7129e3e3b90a58f13d78b
busybox-1.00.rc1-7.el4.ia64.rpm SHA-256: 2ebced3ac2a8853b62d62f20151e877bcbf472d555b7129e3e3b90a58f13d78b
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm SHA-256: b7848f20731e54f426a9d35a95db2fd5621566315c6d11a9047e72d6229a5e73
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm SHA-256: b7848f20731e54f426a9d35a95db2fd5621566315c6d11a9047e72d6229a5e73
i386
busybox-1.00.rc1-7.el4.i386.rpm SHA-256: 6f4ff466268ceea02a1850afcf09c01d8b7ae6b02a9c315563494a54f636cab5
busybox-1.00.rc1-7.el4.i386.rpm SHA-256: 6f4ff466268ceea02a1850afcf09c01d8b7ae6b02a9c315563494a54f636cab5
busybox-anaconda-1.00.rc1-7.el4.i386.rpm SHA-256: 838b075c5917f2ac8a8067259cbd80ca26c93dcc8be9389b6760523193481511
busybox-anaconda-1.00.rc1-7.el4.i386.rpm SHA-256: 838b075c5917f2ac8a8067259cbd80ca26c93dcc8be9389b6760523193481511

Red Hat Enterprise Linux Workstation 4

SRPM
busybox-1.00.rc1-7.el4.src.rpm SHA-256: 63680983ba608001e32cb1e9608594042c7a60ef6a6aded81575721c288a5e30
x86_64
busybox-1.00.rc1-7.el4.x86_64.rpm SHA-256: f9a9a9bde97de52eb0541badf690c01ca965204d6cf5a3652506acc572e7027f
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm SHA-256: bf0a5803811796d9e25387740ec7622eef0473e1dc00fc7aa93dc6bc3cacfe58
ia64
busybox-1.00.rc1-7.el4.ia64.rpm SHA-256: 2ebced3ac2a8853b62d62f20151e877bcbf472d555b7129e3e3b90a58f13d78b
busybox-anaconda-1.00.rc1-7.el4.ia64.rpm SHA-256: b7848f20731e54f426a9d35a95db2fd5621566315c6d11a9047e72d6229a5e73
i386
busybox-1.00.rc1-7.el4.i386.rpm SHA-256: 6f4ff466268ceea02a1850afcf09c01d8b7ae6b02a9c315563494a54f636cab5
busybox-anaconda-1.00.rc1-7.el4.i386.rpm SHA-256: 838b075c5917f2ac8a8067259cbd80ca26c93dcc8be9389b6760523193481511

Red Hat Enterprise Linux Desktop 4

SRPM
busybox-1.00.rc1-7.el4.src.rpm SHA-256: 63680983ba608001e32cb1e9608594042c7a60ef6a6aded81575721c288a5e30
x86_64
busybox-1.00.rc1-7.el4.x86_64.rpm SHA-256: f9a9a9bde97de52eb0541badf690c01ca965204d6cf5a3652506acc572e7027f
busybox-anaconda-1.00.rc1-7.el4.x86_64.rpm SHA-256: bf0a5803811796d9e25387740ec7622eef0473e1dc00fc7aa93dc6bc3cacfe58
i386
busybox-1.00.rc1-7.el4.i386.rpm SHA-256: 6f4ff466268ceea02a1850afcf09c01d8b7ae6b02a9c315563494a54f636cab5
busybox-anaconda-1.00.rc1-7.el4.i386.rpm SHA-256: 838b075c5917f2ac8a8067259cbd80ca26c93dcc8be9389b6760523193481511

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
busybox-1.00.rc1-7.el4.src.rpm SHA-256: 63680983ba608001e32cb1e9608594042c7a60ef6a6aded81575721c288a5e30
s390x
busybox-1.00.rc1-7.el4.s390x.rpm SHA-256: ce124aade49e63b6d6d17da29e646248b0a0f037aba6a5a5cdf1457470d162d3
busybox-anaconda-1.00.rc1-7.el4.s390x.rpm SHA-256: b461e59b3505526b44340f0547c9a74719059706b09dbfe281e88d6f8fb389cb
s390
busybox-1.00.rc1-7.el4.s390.rpm SHA-256: 71bafa47fb2b98bb7fd04d79e28b221d32ef661d01cc30adf468fe86afd81f85
busybox-anaconda-1.00.rc1-7.el4.s390.rpm SHA-256: 3f816c9140216a00d92a6ac621895827085c81f50978b147873d5478a6982bd6

Red Hat Enterprise Linux for Power, big endian 4

SRPM
busybox-1.00.rc1-7.el4.src.rpm SHA-256: 63680983ba608001e32cb1e9608594042c7a60ef6a6aded81575721c288a5e30
ppc
busybox-1.00.rc1-7.el4.ppc.rpm SHA-256: 54ddb58a25335bf029d5ac55886d429c53b0a3daddaec7d83a85c0e82d1c977b
busybox-anaconda-1.00.rc1-7.el4.ppc.rpm SHA-256: 3c5ba198c5ca42ccc766891f23b828a4f92dc0e6901c5734448d7bda52012d61

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.