Security Update [CSSA-033.0] Linux - uucp argument handling problems

From: Support Info (supinfoat_private)
Date: Mon Sep 10 2001 - 10:06:10 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ______________________________________________________________________________
    		   Caldera International, Inc.  Security Advisory
    
    Subject:		Linux - uucp argument handling problems
    Advisory number: 	CSSA-2001-033.0
    Issue date: 		2001, September 07
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
       There is an argument handling problem in uucp which allows a local
       attacker to gain access to the uucp group. Using this access the
       attacker could use badly written scripts to gain access to the root
       account.
    
    
    2. Vulnerable Versions
    
       System                       Package
       -----------------------------------------------------------
       OpenLinux 2.3                 All packages previous to      
                                     uucp-1.06.2-8OL               
       
       OpenLinux eServer 2.3.1       All packages previous to      
       and OpenLinux eBuilder        uucp-1.06.2-8OL               
       
       OpenLinux eDesktop 2.4        All packages previous to      
                                     uucp-1.06.2-8OL               
       
       OpenLinux Server 3.1          All packages previous to      
                                     uucp-1.06.2-8                 
       
       OpenLinux Workstation 3.1     All packages previous to      
                                     uucp-1.06.2-8                 
       
    3. Solution
    
       Workaround
    
         none
    
       The proper solution is to upgrade to the latest packages.
    
    4. OpenLinux 2.3
    
       4.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS
    
       4.2 Verification
    
           dd0f6e46374d62c349bf7a1f618a23a0  RPMS/uucp-1.06.2-8OL.i386.rpm
           33b96ff362a261b87f73b2377fa20a5d  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
           e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
           
    
       4.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
                  uucp-doc-1.06.2-8OL.i386.rpm
             
    
    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
    
       5.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
    
       5.2 Verification
    
           ee5c7f9bf1887d3c34f8c232b70a84b7  RPMS/uucp-1.06.2-8OL.i386.rpm
           26f7f712e318c63a5deea1474a58e06f  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
           e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
           
    
       5.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
                  uucp-doc-1.06.2-8OL.i386.rpm
             
    
    6. OpenLinux eDesktop 2.4
    
       6.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS
    
       6.2 Verification
    
           1f00b87ce48e72d8a4bd754123d554d4  RPMS/uucp-1.06.2-8OL.i386.rpm
           c00296b93945c8778c46252e975818d2  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
           e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
           
    
       6.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
                  uucp-doc-1.06.2-8OL.i386.rpm
             
    
    7. OpenLinux 3.1 Server
    
       7.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
       7.2 Verification
    
           4e3b47bc507d48bf9396e70c806d9a8e  RPMS/uucp-1.06.2-8.i386.rpm
           41cabb92a4eb86310d01c6a6b2f7453b  RPMS/uucp-doc-html-1.06.2-8.i386.rpm
           d06d2cd63b739895ebf82fa361266f16  RPMS/uucp-doc-ps-1.06.2-8.i386.rpm
           6f3e6037bd3839380f9a4104e55a9a73  SRPMS/uucp-1.06.2-8.src.rpm
           
    
       7.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh uucp-1.06.2-8.i386.rpm \
                  uucp-doc-html-1.06.2-8.i386.rpm \
                  uucp-doc-ps-1.06.2-8.i386.rpm
             
    
    8. OpenLinux 3.1 Workstation
    
       8.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
    
       8.2 Verification
    
           4e3b47bc507d48bf9396e70c806d9a8e  RPMS/uucp-1.06.2-8.i386.rpm
           41cabb92a4eb86310d01c6a6b2f7453b  RPMS/uucp-doc-html-1.06.2-8.i386.rpm
           d06d2cd63b739895ebf82fa361266f16  RPMS/uucp-doc-ps-1.06.2-8.i386.rpm
           6f3e6037bd3839380f9a4104e55a9a73  SRPMS/uucp-1.06.2-8.src.rpm
           
    
       8.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh uucp-1.06.2-8.i386.rpm \
                  uucp-doc-html-1.06.2-8.i386.rpm \
                  uucp-doc-ps-1.06.2-8.i386.rpm
             
    
    9. References
    
       This and other Caldera security resources are located at:
    
       http://www.caldera.com/support/security/index.html
    
       This security fix closes Caldera's internal Problem Report 10430.
    
    
    10. Disclaimer
    
       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through our
       security advisories. Our advisories are a service to our customers
       intended to promote secure installation and use of Caldera OpenLinux.
    
    11. Acknowledgements
    
       Caldera International wishes to thank Zen Parse for reporting this
       problem.
    ______________________________________________________________________________
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE7mLNh18sy83A/qfwRAjufAJ9EDB62Ytxhmm7btRwdaBqFKTefhgCeJLeG
    N+UBsH+SqoY7LRBr7hIRE48=
    =ukQY
    -----END PGP SIGNATURE-----
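
Added example, not part of Caldera's advisory or tooling: a check to run between the "Verification" and "Installing Fixed Packages" steps. The file name uucp-1.06.2-8OL.i386.rpm carries a different MD5 sum in sections 4.2, 5.2 and 6.2, so the check selects the list for the product actually installed and refuses to proceed on a missing file, a mismatch, or an unknown product. The product keys and function names are assumptions made here; the sums and paths are copied from the advisory.

```shell
# Added example (not Caldera's tooling): verify downloaded uucp packages
# against the MD5 sums the advisory lists for ONE product line.
# Product keys (2.3, eserver-2.3.1, edesktop-2.4, 3.1) are labels invented
# here; the sums and paths are copied from the advisory's Verification lists.
advisory_sums() {
    case "$1" in
    2.3) cat <<'EOF'
dd0f6e46374d62c349bf7a1f618a23a0  RPMS/uucp-1.06.2-8OL.i386.rpm
33b96ff362a261b87f73b2377fa20a5d  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
EOF
    ;;
    eserver-2.3.1) cat <<'EOF'
ee5c7f9bf1887d3c34f8c232b70a84b7  RPMS/uucp-1.06.2-8OL.i386.rpm
26f7f712e318c63a5deea1474a58e06f  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
EOF
    ;;
    edesktop-2.4) cat <<'EOF'
1f00b87ce48e72d8a4bd754123d554d4  RPMS/uucp-1.06.2-8OL.i386.rpm
c00296b93945c8778c46252e975818d2  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
EOF
    ;;
    3.1) cat <<'EOF'
4e3b47bc507d48bf9396e70c806d9a8e  RPMS/uucp-1.06.2-8.i386.rpm
41cabb92a4eb86310d01c6a6b2f7453b  RPMS/uucp-doc-html-1.06.2-8.i386.rpm
d06d2cd63b739895ebf82fa361266f16  RPMS/uucp-doc-ps-1.06.2-8.i386.rpm
EOF
    ;;
    *) return 1 ;;
    esac
}

# verify_sums DIR: read "md5  path" lines on stdin, check each file under DIR.
# Fails closed: a missing file, a mismatch, or an empty list returns non-zero.
verify_sums() {
    dir=$1 checked=0
    while read -r want name; do
        [ -f "$dir/$name" ] || { echo "MISSING  $name" >&2; return 1; }
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "MISMATCH $name" >&2; return 1; }
        checked=$((checked + 1))
    done
    [ "$checked" -gt 0 ]
}

# check_product PRODUCT DIR: DIR holds the RPMS/ directory as downloaded.
check_product() { advisory_sums "$1" | verify_sums "$2"; }

# Stand-alone use: sh check.sh 2.3 /path/to/download && rpm -Fvh ...
if [ "$#" -eq 2 ]; then check_product "$1" "$2" || exit 1; fi
```

The MD5 sums catch a corrupted or swapped download; their own authenticity rests on the PGP signature over the advisory text.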
    


