SuSE Security Announcement: uucp (SuSE-SA:2001:38)

From: Thomas Biege (thomasat_private)
Date: Wed Oct 31 2001 - 08:47:27 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:                uucp
            Announcement-ID:        SuSE-SA:2001:38
            Date:                   Wednesday, October 31st, 2001 15.06 MEST
            Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
            Vulnerability Type:     local privilege escalations (probably root)
            Severity (1-10):        5
            SuSE default package:   no
            Other affected systems: all linux-like systems using this version
                                    of uucp
    
            Content of this advisory:
            1) security vulnerability resolved: uucp
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, solutions, workarounds
            3) standard appendix (further information)
    
    ______________________________________________________________________________
    
    1)  problem description, brief discussion, solution, upgrade information
    
        UUCP is a well-known tool suite for copying data between unix-like
        systems. Zen-Parse reported that uux, which is installed set-user-id
        and set-group-id uucp, drops these privileges when an alternative
        configuration file is given with the short option (-I) but not when
        the equivalent long option (--config) is used. A local attacker can
        therefore make uux read a malicious configuration file and execute
        commands and/or access arbitrary data with the privileges of user
        uucp.
    
        As a temporary fix, you can either uninstall uucp if it is not needed:
          - rpm -e uucp
        or remove the set[ug]id bits from uux:
          - chmod ug-s /usr/bin/uux

        If you choose the second option, record the new mode in your
        /etc/permissions.local file as well; otherwise SuSEconfig's permission
        check (chkstat) would reset the set[ug]id bits from /etc/permissions
        the next time it runs.
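        The following shell script is added here as an example and is not part of
        the SuSE advisory. It automates the second workaround: it checks whether
        uux still carries set-user-id or set-group-id bits, strips them with
        chmod ug-s, and prints the /etc/permissions.local entry that keeps
        SuSEconfig from restoring them. It assumes GNU coreutils stat; the path
        defaults to /usr/bin/uux from the advisory, but any file can be passed as
        the first argument.

```shell
#!/bin/sh
# Added example, not from the SuSE advisory: strip set[ug]id bits from uux
# and emit the matching /etc/permissions.local line.
# Assumes GNU coreutils `stat` (-c '%a' and '%U.%G').

UUX_PATH=${1:-/usr/bin/uux}

# setid_bits_set MODE -> exit 0 if MODE (octal, e.g. 6555) has setuid or setgid set
setid_bits_set() {
    # leading 0 forces octal interpretation; 06000 = S_ISUID|S_ISGID
    [ $(( 0$1 & 06000 )) -ne 0 ]
}

# strip_setid MODE -> prints MODE with setuid and setgid cleared (6555 -> 555)
strip_setid() {
    printf '%o\n' $(( 0$1 & ~06000 ))
}

# permissions_entry PATH OWNER.GROUP MODE -> one line in /etc/permissions.* format
permissions_entry() {
    printf '%-40s %-20s %s\n' "$1" "$2" "$3"
}

# harden_uux PATH -> drop the set[ug]id bits if present and print the
# permissions.local entry describing the resulting mode
harden_uux() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "$path not present (uucp not installed?)" >&2
        return 0
    fi
    mode=$(stat -c '%a' "$path") || return 1
    owner=$(stat -c '%U.%G' "$path") || return 1
    if setid_bits_set "$mode"; then
        echo "$path is mode $mode: stripping set[ug]id bits" >&2
        chmod ug-s "$path" || return 1
        mode=$(strip_setid "$mode")
    else
        echo "$path is mode $mode: no set[ug]id bits, nothing to do" >&2
    fi
    # Record the result so SuSEconfig (chkstat) keeps it on its next run.
    permissions_entry "$path" "$owner" "$mode"
}

# Only act when a path was given (or when run with no args, on the default path
# via an explicit invocation); sourcing the file just defines the functions.
if [ $# -gt 0 ]; then
    harden_uux "$UUX_PATH"
fi
```

        Run it as root on an affected host and append the printed line to
        /etc/permissions.local. Once the fixed uucp package is installed, remove
        that line again, or the next SuSEconfig run will strip the set[ug]id
        bits that the updated uux legitimately needs.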
    
    
        Download the update package from one of the locations listed below and
        install it with the command `rpm -Uhv file.rpm'. The md5 checksum of
        each file is given on the line below its URL; the same file name occurs
        under several distribution versions with a different checksum each
        time, so compare against the entry for your version. Independently of
        these checksums you can verify the package's own embedded size and MD5
        digest, without needing GnuPG installed, with the command
            `rpm --checksig --nogpg file.rpm'.
    
    
    
        i386 Intel Platform:
    
        SuSE-7.3
        ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/uucp-1.06.1-333.i386.rpm
          aec2eff9ec839494416563a39e72e57d
        SuSE-7.2
        ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/uucp-1.06.1-334.i386.rpm
          7a217616d5fb2a5b97378d1ae11157db
        SuSE-7.1
        ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/uucp-1.06.1-334.i386.rpm
          bcb88eac8dfa4116c7f70b9d1ac1b483
        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/uucp-1.06.1-333.i386.rpm
          d9863b92f8d4e8edf7815b7b6b4bcca1
        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/uucp-1.06.1-333.i386.rpm
          8a484013119b91cd51f20de850ca9104
        SuSE-6.3
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/uucp-1.06.1-333.i386.rpm
          2c4f73d6edf52d55ef279ed9e1b1456f
    
    
    
        Sparc Platform:
    
        SuSE-7.1
        ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/uucp-1.06.1-228.sparc.rpm
          4ac19a1bbbdc07719ed91f6ae13d95b3
        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/uucp-1.06.1-228.sparc.rpm
          112361714c8515a9a5e6142e7ade70c8
    
    
    
        AXP Alpha Platform:
    
        SuSE-7.1
        ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/uucp-1.06.1-227.alpha.rpm
          1dca3f2767ba8be87b03932258ee6c2c
        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/uucp-1.06.1-227.alpha.rpm
          d54fa66ef530df2ac25fa133a5d8d67b
        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/uucp-1.06.1-227.alpha.rpm
          d13335ad5561f59b2ad53424a977184c
        SuSE-6.3
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/uucp-1.06.1-227.alpha.rpm
          456e11eb134f30b6056014d76351c31c
    
    
    
        PPC Power PC Platform:
    
        SuSE-7.1
        ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/uucp-1.06.1-225.ppc.rpm
          d586b5fc6551da4ddebf646e686d957c
        SuSE-7.0
        ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/uucp-1.06.1-225.ppc.rpm
          2eda36d95758053066f552cd6284c53a
        SuSE-6.4
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/uucp-1.06.1-225.ppc.rpm
          1157d1b6ebfcc36d425957a27bfa7c85
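        The script below is an added example, not part of the SuSE advisory,
        showing how to check a downloaded package against the checksums listed
        above before handing it to rpm. The lookup is keyed on the full URL
        rather than the file name, because the same name
        (uucp-1.06.1-333.i386.rpm) is listed for SuSE 7.3, 7.0, 6.4 and 6.3 with
        a different md5 each time. It assumes GNU coreutils md5sum; the embedded
        table is a copied excerpt of the i386 entries and would be extended the
        same way for the other platforms.

```shell
#!/bin/sh
# Added example, not from the SuSE advisory: verify a downloaded rpm against
# the md5 the advisory lists for its exact download URL, then let rpm check
# its embedded digest and install it. Assumes GNU coreutils md5sum.

# Excerpt copied from the i386 section of the advisory (URL, then md5).
ADVISORY_MD5S='
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/uucp-1.06.1-333.i386.rpm
  aec2eff9ec839494416563a39e72e57d
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/uucp-1.06.1-334.i386.rpm
  7a217616d5fb2a5b97378d1ae11157db
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/uucp-1.06.1-333.i386.rpm
  d9863b92f8d4e8edf7815b7b6b4bcca1
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/uucp-1.06.1-333.i386.rpm
  2c4f73d6edf52d55ef279ed9e1b1456f
'

# advisory_md5 URL -> prints the 32-hex-digit md5 listed directly under that
# URL; exits 1 if the URL is not in the table (bare file names are NOT accepted)
advisory_md5() {
    printf '%s\n' "$ADVISORY_MD5S" | awk -v url="$1" '
        $1 == url { want = 1; next }
        want && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1; found = 1; exit }
        { want = 0 }
        END { exit found ? 0 : 1 }'
}

# file_md5 FILE -> prints the md5 of FILE
file_md5() {
    md5sum "$1" | awk '{ print $1 }'
}

# verify_rpm URL FILE -> 0 if FILE matches the advisory md5 for URL,
# 1 on mismatch or unreadable file, 2 if the URL is unknown
verify_rpm() {
    expected=$(advisory_md5 "$1") || { echo "no md5 listed for $1" >&2; return 2; }
    actual=$(file_md5 "$2") || return 1
    if [ "$actual" = "$expected" ]; then
        echo "$2: md5 OK ($actual)" >&2
        return 0
    fi
    echo "$2: md5 MISMATCH (got $actual, advisory lists $expected)" >&2
    return 1
}

# install_update URL FILE -> advisory md5 check, rpm's own digest check, install
install_update() {
    verify_rpm "$1" "$2" || return $?
    rpm --checksig --nogpg "$2" || return 1
    rpm -Uhv "$2"
}

# Usage: ./verify-uucp.sh <advisory-url> <downloaded-file>
if [ $# -eq 2 ]; then
    install_update "$1" "$2"
fi
```

        The md5 list itself is trustworthy only because it sits inside the
        PGP-signed body of the advisory, so check the advisory's signature
        before copying values into the table.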
    
    
    ______________________________________________________________________________
    
    2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
    
        - openssh
          After stabilizing the openssh package, updates for the distributions
          6.4-7.2 are currently being prepared. The update packages fix a security
          problem related to the recently discovered problems with source ip
          based access restrictions in a user's ~/.ssh/authorized_keys2 file.
          The packages will appear shortly on our ftp servers. Please note that
          packages for the distributions 6.3 up to and including 7.0 that contain
          cryptographic software are located on the German ftp server ftp.suse.de;
          all other packages can be found on ftp.suse.com at the usual location.
          We will issue a dedicated Security announcement for the openssh package.
    
    
    ______________________________________________________________________________
    
    3)  standard appendix:
    
        SuSE runs two security mailing lists to which any interested party may
        subscribe:
    
        suse-securityat_private
            -   general/linux/SuSE security discussion.
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to
                    <suse-security-subscribeat_private>.
    
        suse-security-announceat_private
            -   SuSE's announce-only mailing list.
                Only SuSE's security announcements are sent to this list.
                To subscribe, send an email to
                    <suse-security-announce-subscribeat_private>.
    
        For general information or the frequently asked questions (faq)
        send mail to:
            <suse-security-infoat_private> or
            <suse-security-faqat_private> respectively.
    
        ===============================================
        SuSE's security contact is <securityat_private>.
        ===============================================
    
    ______________________________________________________________________________
    
        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way.
        SuSE GmbH makes no warranties of any kind whatsoever with respect
        to the information contained in this security advisory.
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3i
    Charset: noconv
    
    iQEVAwUBO+ASz3ey5gA9JdPZAQGtCgf9FtRZ3n+VH3ZtfoI8lu6k7qkedqqa0Igb
    Utkko7jBCuD5GTvFpUtH3n2mm8kH++Z2DiSSgacj0OQJXl+pcdUtpSHnEYrtYiIy
    RZXIE92uMVf6HIYXCdOsAyhsEytB1P23dyW1fK1wBPF3AJXc/l5++gG/rwAB+W3r
    VY/JM2FVzTpAb3FsCUv3bwPy4/LMaJefqTErPkF7/MxclBX7AMnvbqxqqN8/1l1M
    JRUcONwRnM3rYRvqby9/bYTrKCvpX/wNE6Gl/SXqkYGMAs1qTMJK069Oozk7Rr3d
    GiVs/dTlhCFsSdlSB2XOsUFj8GwgCm4qWLRINOUdFCX2eyL8DrgUEw==
    =bY/S
    -----END PGP SIGNATURE-----
    
    Bye,
         Thomas
    -- 
      Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
      E@mail: thomasat_private      Function: Security Support & Auditing
      "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
      Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 84
    



    This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 11:16:32 PST