[Full-Disclosure] Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe

From: securityat_private
Date: Thu Nov 14 2002 - 14:22:51 PST


    To: bugtraqat_private announceat_private security-alertsat_private full-disclosureat_private
    
    ______________________________________________________________________________
    
    			SCO Security Advisory
    
    Subject:		Linux: python insecure temporary files in os._execvpe 
    Advisory number: 	CSSA-2002-045.0
    Issue date: 		2002 November 14
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
    	os._execvpe in os.py, the PATH-search helper behind os.execvp and
    	os.execvpe in Python, relies on a temporary file name that is
    	predictable. A local user who can guess that name can place a
    	file or symlink there ahead of time and have arbitrary code
    	executed with the privileges of the process that calls the
    	function.
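
    	The following is an added example, not code from this advisory and
    	not CPython's own os.py. In current Python 3 it shows the shape of
    	the defect: a helper computes a temporary path from values any local
    	user can predict (pid and a counter) and then trusts that nothing
    	exists there, so a file or symlink planted in advance gets executed
    	with the caller's privileges. The name scheme ("@<pid>.<n>"), the
    	victim pid, the directory and the payload are all constructed for
    	the demo. Two fixes are shown beside it: take the "not found" errno
    	from the errno module instead of probing the filesystem (the approach
    	later Python releases took), and, where a temp file is genuinely
    	needed, create it with mkstemp(), whose O_EXCL create fails on a
    	pre-planted name instead of following it. The attack matters in
    	proportion to the caller's privileges: a root or setuid process
    	calling os.execvp with a shared, world-writable temp directory is
    	the case to worry about.

```python
"""Added example; not code from the SCO advisory or from CPython's os.py.

Shows, in current Python 3, why exec'ing (or otherwise trusting) a
temporary path whose name is predictable is exploitable by a local user,
and the two fixes: use the errno constant, and create real temp files
with mkstemp(). The directory, pid, name scheme and payload are all
constructed here.
"""
import errno
import os
import stat
import tempfile


def predictable_probe_name(tmpdir, pid, counter):
    """Temp name derived only from pid and a counter.

    Assumption for the demo: old mktemp()-style names looked like
    '<tmpdir>/@<pid>.<n>'. The exact format does not matter; what matters
    is that any local user can compute it for a victim process in advance.
    """
    return os.path.join(tmpdir, "@%d.%d" % (pid, counter))


def attacker_plants(path, payload):
    """Local attacker pre-creates an executable at the guessed name.

    A symlink to a script they already own works the same way; a regular
    file is used so the demo stays inside one directory.
    """
    with open(path, "w") as fh:
        fh.write(payload)
    os.chmod(path, stat.S_IRWXU)


def vulnerable_probe_outcome(probe_path):
    """Vulnerable pattern: exec probe_path *expecting* it not to exist,
    purely to learn the 'no such file' errno from the failure.

    If something executable is now there, execv() does not fail: the
    calling process is replaced by the attacker's program, with the
    caller's uid. This returns which branch execv() would take instead of
    calling it, so running the demo cannot hijack the interpreter.
    """
    if os.path.exists(probe_path) and os.access(probe_path, os.X_OK):
        return ("exec", probe_path)
    return ("raise", errno.ENOENT)


def notfound_errno_fixed():
    """Fix for the probe: the errno is a constant. Never touch the
    filesystem to discover it."""
    return errno.ENOENT


def secure_tempfile(tmpdir):
    """Fix for code that genuinely needs a temp file: mkstemp() opens with
    O_CREAT|O_EXCL and mode 0600, so a pre-planted file or symlink at the
    chosen name makes creation fail instead of being followed."""
    fd, path = tempfile.mkstemp(dir=tmpdir, prefix="probe-")
    os.close(fd)
    return path


def demo(tmpdir):
    """Run the race against the vulnerable pattern, then apply the fixes."""
    victim_pid = 4242  # constructed; no real process is involved
    guessed = predictable_probe_name(tmpdir, victim_pid, 1)
    before = vulnerable_probe_outcome(guessed)
    attacker_plants(guessed, "#!/bin/sh\necho hijacked\n")
    after = vulnerable_probe_outcome(guessed)
    safe_path = secure_tempfile(tmpdir)
    mode = stat.S_IMODE(os.stat(safe_path).st_mode)
    return {
        "before_plant": before,
        "after_plant": after,
        "fixed_errno_is_enoent": notfound_errno_fixed() == errno.ENOENT,
        "mkstemp_owner_only": (mode & 0o077) == 0,
    }


def run_demo():
    """Convenience wrapper that supplies a private temp directory."""
    with tempfile.TemporaryDirectory() as d:
        return demo(d)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%s: %s" % (key, value))
```

    	Running the module prints the outcome before and after the plant:
    	the same guessed path goes from "would raise ENOENT" to "would be
    	executed" without the victim doing anything differently. The mode
    	check on the mkstemp() file deliberately tests only that no
    	group/other bits are set, so it holds under any umask.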
    
    
    2. Vulnerable Supported Versions
    
    	System				Package
    	----------------------------------------------------------------------
    
    	OpenLinux 3.1.1 Server		prior to python-1.5.2-23.i386.rpm
    					prior to python-devel-1.5.2-23.i386.rpm
    					prior to python-docs-1.5.2-23.i386.rpm
    					prior to python-tools-1.5.2-23.i386.rpm
    
    	OpenLinux 3.1.1 Workstation	prior to python-1.5.2-23.i386.rpm
    					prior to python-devel-1.5.2-23.i386.rpm
    					prior to python-docs-1.5.2-23.i386.rpm
    					prior to python-tools-1.5.2-23.i386.rpm
    
    	OpenLinux 3.1 Server		prior to python-1.5.2-23.i386.rpm
    					prior to python-devel-1.5.2-23.i386.rpm
    					prior to python-docs-1.5.2-23.i386.rpm
    					prior to python-tools-1.5.2-23.i386.rpm
    
    	OpenLinux 3.1 Workstation	prior to python-1.5.2-23.i386.rpm
    					prior to python-devel-1.5.2-23.i386.rpm
    					prior to python-docs-1.5.2-23.i386.rpm
    					prior to python-tools-1.5.2-23.i386.rpm
    
    
    3. Solution
    
    	The proper solution is to install the latest packages. Many
    	customers find it easier to use the Caldera System Updater, called
    	cupdate (or kcupdate under the KDE environment), to update these
    	packages rather than downloading and installing them by hand.
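
    	The advisory publishes an MD5 sum beside every package in sections 4
    	through 7 and then a bare "rpm -Fvh" line. The script below is an
    	added example, not part of the advisory, that ties the two together:
    	it turns the copied "<md5> <file>" lines into md5sum -c input and
    	refuses to run the install command unless every file matches. It
    	assumes a POSIX sh with awk and an md5sum that supports -c; the
    	package names and sums it builds in demo mode are constructed, not
    	downloaded.

```shell
#!/bin/sh
# Added example, not part of the SCO advisory: check the MD5 sums the
# advisory publishes before running its "rpm -Fvh" commands.
# Assumes a POSIX sh with awk and an md5sum that supports "-c".

# The advisory lists "<md5><whitespace><file>" pairs. md5sum -c wants
# "<md5>  <file>" (two spaces), so normalise the manifest first.
to_md5sum_manifest() {
    # $1: file holding the copied "<md5> <file>" lines
    awk 'NF == 2 { printf "%s  %s\n", $1, $2 }' "$1"
}

# Succeeds only if every file named in the manifest is present in the
# package directory and matches its published sum.
verify_packages() {
    # $1: directory with the downloaded RPMs, $2: manifest file
    to_md5sum_manifest "$2" | ( cd "$1" && md5sum -c >/dev/null )
}

# Freshen the packages only after the sums verify. The install command
# is a parameter so the function can be exercised without rpm.
install_if_verified() {
    # $1: package directory, $2: manifest file, $3: command (default rpm -Fvh)
    cmd="${3:-rpm -Fvh}"
    files=$(awk 'NF == 2 { print $2 }' "$2")
    if verify_packages "$1" "$2"; then
        ( cd "$1" && $cmd $files )
    else
        echo "MD5 mismatch or missing file: not installing" >&2
        return 1
    fi
}

# Stand-alone run: build a constructed package dir and manifest, then
# verify it. Real use: point $pkgdir at the RPMs fetched from the
# advisory's FTP location and paste its sum lines into $manifest.
if [ "${1:-}" = "--demo" ]; then
    pkgdir=$(mktemp -d)
    printf 'constructed, not a real rpm\n' > "$pkgdir/python-1.5.2-23.i386.rpm"
    md5sum "$pkgdir/python-1.5.2-23.i386.rpm" \
        | awk '{ print $1 "\tpython-1.5.2-23.i386.rpm" }' > "$pkgdir/manifest"
    install_if_verified "$pkgdir" "$pkgdir/manifest" "echo would run: rpm -Fvh"
    rm -rf "$pkgdir"
fi
```

    	Two caveats a practitioner should keep in mind. "rpm -F" freshens
    	only packages that are already installed, so python-devel or
    	python-tools are silently skipped on a host that never had them;
    	that is usually what you want for a security update. And an MD5 sum
    	copied from the same channel as the packages only catches corrupt
    	or mismatched downloads; it is not a signature, so obtain the sums
    	from a source you trust independently of the FTP mirror.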
    
    
    4. OpenLinux 3.1.1 Server
    
    	4.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-045.0/RPMS
    
    	4.2 Packages
    
    	d02a87d515a2e0295b61a70e21d85d67	python-1.5.2-23.i386.rpm
    	f026986740ce3b24aa75a6ef6d6f813d	python-devel-1.5.2-23.i386.rpm
    	a4d8a3a8a6011f4d87d1a3c3e75150d1	python-docs-1.5.2-23.i386.rpm
    	6283c3abfb5a339d6f3c8e1b2b0304fc	python-tools-1.5.2-23.i386.rpm
    
    	4.3 Installation
    
    	rpm -Fvh python-1.5.2-23.i386.rpm
    	rpm -Fvh python-devel-1.5.2-23.i386.rpm
    	rpm -Fvh python-docs-1.5.2-23.i386.rpm
    	rpm -Fvh python-tools-1.5.2-23.i386.rpm
    
    	4.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-045.0/SRPMS
    
    	4.5 Source Packages
    
    	3041180ed79446f6a8cd8cfedff00c26	python-1.5.2-23.src.rpm
    
    
    5. OpenLinux 3.1.1 Workstation
    
    	5.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-045.0/RPMS
    
    	5.2 Packages
    
    	6d2e343894471d4a93526a50e58af0a0	python-1.5.2-23.i386.rpm
    	b6deb353e9a98e9b0e340e8b477a824a	python-devel-1.5.2-23.i386.rpm
    	7add35e7aef1386039852737a86ddbee	python-docs-1.5.2-23.i386.rpm
    	6171e897385c76edf00c0e02f08347cf	python-tools-1.5.2-23.i386.rpm
    
    	5.3 Installation
    
    	rpm -Fvh python-1.5.2-23.i386.rpm
    	rpm -Fvh python-devel-1.5.2-23.i386.rpm
    	rpm -Fvh python-docs-1.5.2-23.i386.rpm
    	rpm -Fvh python-tools-1.5.2-23.i386.rpm
    
    	5.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-045.0/SRPMS
    
    	5.5 Source Packages
    
    	0ab0a2c193ec4031d706648ab2b3b9d1	python-1.5.2-23.src.rpm
    
    
    6. OpenLinux 3.1 Server
    
    	6.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-045.0/RPMS
    
    	6.2 Packages
    
    	d294fd2d394f464e21866a08e0023b08	python-1.5.2-23.i386.rpm
    	4c17a3b0bc297dd2efe5cd1857894ac7	python-devel-1.5.2-23.i386.rpm
    	ed4acb8309c022ed86ca6f70d6a76977	python-docs-1.5.2-23.i386.rpm
    	3fc021186ac2ff05af448c945481a6d5	python-tools-1.5.2-23.i386.rpm
    
    	6.3 Installation
    
    	rpm -Fvh python-1.5.2-23.i386.rpm
    	rpm -Fvh python-devel-1.5.2-23.i386.rpm
    	rpm -Fvh python-docs-1.5.2-23.i386.rpm
    	rpm -Fvh python-tools-1.5.2-23.i386.rpm
    
    	6.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-045.0/SRPMS
    
    	6.5 Source Packages
    
    	fd76ce8a916c54b2bb39c59dfab108ab	python-1.5.2-23.src.rpm
    
    
    7. OpenLinux 3.1 Workstation
    
    	7.1 Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-045.0/RPMS
    
    	7.2 Packages
    
    	63778bc0ecd4b9d0bea8d13f0c8f6675	python-1.5.2-23.i386.rpm
    	e0321c8e207b61596f0a229c5a39d637	python-devel-1.5.2-23.i386.rpm
    	c990c27494f5be2197d04a9547e7fa6b	python-docs-1.5.2-23.i386.rpm
    	8af51bc909042691f3578fcc5c3e2ca2	python-tools-1.5.2-23.i386.rpm
    
    	7.3 Installation
    
    	rpm -Fvh python-1.5.2-23.i386.rpm
    	rpm -Fvh python-devel-1.5.2-23.i386.rpm
    	rpm -Fvh python-docs-1.5.2-23.i386.rpm
    	rpm -Fvh python-tools-1.5.2-23.i386.rpm
    
    	7.4 Source Package Location
    
    	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-045.0/SRPMS
    
    	7.5 Source Packages
    
    	9dcbab4cbf814be8291b5a68241176f2	python-1.5.2-23.src.rpm
    
    
    8. References
    
    	Specific references for this advisory:
    		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
    
    	SCO security resources:
    		http://www.sco.com/support/security/index.html
    
    	This security fix closes SCO incidents sr868648, fz525980,
    	erg712115.
    
    
    9. Disclaimer
    
    	SCO is not responsible for the misuse of any of the information
    	we provide on this website and/or through our security
    	advisories. Our advisories are a service to our customers intended
    	to promote secure installation and use of SCO products.
    
    ______________________________________________________________________________
    
    
    

    _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html



    This archive was generated by hypermail 2b30 : Thu Nov 14 2002 - 15:01:39 PST