______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:            several /tmp race conditions in lisa
Advisory number:    CSSA-2000-010.0
Issue date:         2000 April, 26
Cross reference:
______________________________________________________________________________

1. Problem Description

   LISA is a non-graphical administration tool for users working at the
   console, or remotely through e.g. a telnet session.

   Versions of LISA prior to version 4.1 had several problems in the way
   they handled temporary files. These allowed a local user to execute
   shell commands under the identity of the user running LISA, usually
   root.

   Note that these holes can be exploited only if you perform
   administration tasks using LISA. If you never use LISA, you are not
   affected by these bugs.

2. Vulnerable Versions

   System                      Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3       All packages previous to lisa-4.1-3
   OpenLinux eServer 2.3       All packages previous to lisa-4.1-3
   OpenLinux eDesktop 2.4      All packages previous to lisa-4.1-3

3. Solution

   Workaround:

   Edit /etc/lst.cnf, and look for a line that reads

        mkdir -p $DIR_LST_TMP

   Replace this line with the following two:

        rm -rf $DIR_LST_TMP
        mkdir $DIR_LST_TMP || exit 1

   The proper solution is to upgrade to the fixed package.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

        ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

   The corresponding source code package can be found at:

        ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

        1e00ac5a63350b8d6ad4d10c1c81b237  RPMS/lisa-4.1-3.i386.rpm
        7ccc151b74a71435b20b095d2197c2bf  SRPMS/lisa-4.1-3.src.rpm

   4.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -F lisa-4.1-3.i386.rpm

5. OpenLinux eServer 2.3

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

   The corresponding source code package can be found at:

        ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

        71f5e8cb70eecac2efe4c7c249fcd849  RPMS/lisa-4.1-3.i386.rpm
        7ccc151b74a71435b20b095d2197c2bf  SRPMS/lisa-4.1-3.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -F lisa-4.1-3.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

   The corresponding source code package can be found at:

        ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

        5cd661fcd1216da69ebb58fd1e87f2e8  RPMS/lisa-4.1-3.i386.rpm
        7ccc151b74a71435b20b095d2197c2bf  SRPMS/lisa-4.1-3.src.rpm

   6.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -F lisa-4.1-3.i386.rpm

7. References

   This and other Caldera security resources are located at:

        http://www.calderasystems.com/support/security/index.html

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

   We wish to thank Marc Heuse at SuSE for reporting this vulnerability.
______________________________________________________________________________
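The workaround in section 3 replaces a permissive "mkdir -p" with a fail-closed "rm -rf; mkdir || exit 1". The following shell script is an added example, not code from the advisory or from LISA, that puts the two patterns side by side as functions and shows on a constructed layout why the first one is unsafe; the directory names and the mktemp scratch location are assumptions for the demonstration only.

```shell
#!/bin/sh
# Added example, not code from the Caldera advisory or from LISA itself.
# It contrasts the pre-4.1 temp-directory handling with the advisory's
# workaround, as two shell functions plus a small demonstration.

# Weak pattern (what "mkdir -p $DIR_LST_TMP" amounts to): it succeeds
# silently when the path already exists, so an entry planted by another
# local user (a directory they own, or a symlink into a location they
# control) is reused as if the tool had created it.
weak_tmpdir() {
    mkdir -p "$1"
}

# Hardened pattern from the advisory's workaround: clear whatever is there,
# then create the directory with plain mkdir, which fails if anything
# reappears between the two steps. Failing closed is the point, hence the
# "|| exit 1" in /etc/lst.cnf. Mode 0700 keeps other users out afterwards,
# and the final check refuses a symlink or a directory we do not own.
safe_tmpdir() {
    dir=$1
    rm -rf "$dir" || return 1
    mkdir -m 0700 "$dir" || return 1
    # find -prune examines only $dir itself; it prints the name only if
    # $dir is a real directory (not a symlink) owned by the current uid.
    [ -n "$(find "$dir" -prune -type d -user "$(id -u)" 2>/dev/null)" ]
}

# Demonstration on a constructed layout under a private scratch directory
# (the names lst_tmp and elsewhere are assumptions for the demo only).
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/elsewhere"                      # stands in for a planted target
    ln -s "$scratch/elsewhere" "$scratch/lst_tmp"   # planted symlink
    if weak_tmpdir "$scratch/lst_tmp"; then
        echo "weak: mkdir -p accepted the planted symlink"
    fi
    if safe_tmpdir "$scratch/lst_tmp" && [ ! -L "$scratch/lst_tmp" ]; then
        echo "safe: fresh private directory created in its place"
    fi
    rm -rf "$scratch"
}

demo
```

A check of the installed package is still the real fix; the script only shows why the interim edit to /etc/lst.cnf closes the hole.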