-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        Caldera Systems, Inc.  Security Advisory

Subject:                sperl vulnerability
Advisory number:        CSSA-2000-026.1
Issue date:             2000 August, 7
Last change:            2000 October, 13
Cross reference:
______________________________________________________________________________


1. Problem Description

   sperl is a setuid copy of the perl interpreter that can be used to
   execute perl scripts with the privileges of the script file's owner.
   In order to be able to do so, sperl itself must be setuid root.

   When sperl detects that an attacker is trying to spoof it, it sends a
   mail message to the super user account using /bin/mail. By exploiting
   a flaw in the way sperl interacts with /bin/mail, any local user is
   able to obtain root privileges on the local machine.

   An exploit for this vulnerability has been published widely.


2. Vulnerable Versions

   System                          Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3           not vulnerable

   OpenLinux eServer 2.3           All packages previous to
   and OpenLinux eBuilder          perl-5.005_03-7S

   OpenLinux eDesktop 2.4          All packages previous to
                                   perl-5.005_03-6


3. Solution

   Workaround:

   none

   We recommend that our users upgrade to the new packages.


4. OpenLinux Desktop 2.3

   not vulnerable


5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   Compare the MD5 sums of the downloaded files against the following
   list before installing:

   f2c026e940b9a3f0b1ec92b6f556d1f3  RPMS/perl-5.005_03-7S.i386.rpm
   b4f2d061b4cd00268b3c632816d59b4a  RPMS/perl-add-5.005_03-7S.i386.rpm
   3374967deb4aef58d383eb3002ab683a  RPMS/perl-examples-5.005_03-7S.i386.rpm
   a9f3bc3c714fd716325de1a8fe1b8ff2  RPMS/perl-man-5.005_03-7S.i386.rpm
   983309ef007238778b1c96be15e6d55e  RPMS/perl-pod-5.005_03-7S.i386.rpm
   ea6ce07f694be4f616205dc2ef6b5930  SRPMS/perl-5.005_03-7S.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following command:

   rpm -Fhv `ls -r perl-*.i386.rpm`

   Please ignore the "directory not empty" messages.


6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

   Compare the MD5 sums of the downloaded files against the following
   list before installing:

   7542698bece734cccc30c8ef83c5af87  perl-5.005_03-6.i386.rpm
   0b6e1a7e1615a5400e07c10cfd924203  perl-5.005_03-6.src.rpm
   42356e924d6e6a1d5507c0951b5b5c78  perl-add-5.005_03-6.i386.rpm
   49ab8a7f2e3a9f96f51ade1510405331  perl-examples-5.005_03-6.i386.rpm
   2ec837db5f8bf0af5610748e2a7793a2  perl-man-5.005_03-6.i386.rpm
   64cc98b972e8f9297933ac74fd547386  perl-pod-5.005_03-6.i386.rpm

   6.3 Installing Fixed Packages

   Upgrade the affected packages with the following command:

   rpm -Fhv perl-*.i386.rpm


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7347.


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE55xWN18sy83A/qfwRAiFjAJ4teZRp6aWcT5Ydt2rYJjG9gySFZACfYigV
RPPQj/Nj0V+ZxxbYJVTJ9Wo=
=xLtt
-----END PGP SIGNATURE-----
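The Verification and Installing steps in sections 5 and 6 are easy to skip under time pressure. The following POSIX shell script, an added example that is not part of Caldera's advisory or tooling, applies the checksum step mechanically: it reads a sums list in the advisory's own "<md5> <filename>" layout, computes the digest of every listed file under a download directory, and fails if any package is missing or differs, so it can be chained in front of the rpm -Fhv command. The fixture it builds reuses the eDesktop 2.4 package names from section 6.2 but with constructed placeholder contents ("hello" and an empty file, whose MD5 digests are well known), not the real RPMs; it assumes GNU md5sum or the BSD md5 tool is installed.

```shell
#!/bin/sh
# Verify downloaded update packages against the MD5 sums published in an
# advisory before running "rpm -Fhv". Added example, not Caldera's own code.
# The sums file uses the advisory's listing format: "<md5> <filename>" per line.

# Print the MD5 hex digest of one file. Assumes GNU md5sum (Linux) or the
# BSD md5 tool (macOS) is available.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_sums SUMSFILE [DIR]
# Returns 0 only if every file listed in SUMSFILE exists under DIR and its
# digest matches. One missing or altered package fails the whole check, so
# "verify_sums SUMS . && rpm -Fhv perl-*.i386.rpm" never installs a bad set.
verify_sums() {
    sums=$1
    dir=${2:-.}
    status=0
    while read -r expected name; do
        [ -z "$expected" ] && continue        # tolerate blank lines
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        actual=$(md5_of "$path")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)" >&2
            status=1
        fi
    done < "$sums"
    return "$status"
}

# Constructed fixture: two placeholder files carrying the eDesktop 2.4 package
# names (their contents are NOT the real RPMs; "hello" and an empty file were
# chosen because their MD5 digests are well known) plus a SUMS file in the
# advisory's format. Prints the fixture directory.
make_fixture() {
    tmp=$(mktemp -d)
    printf 'hello' > "$tmp/perl-5.005_03-6.i386.rpm"
    : > "$tmp/perl-pod-5.005_03-6.i386.rpm"
    cat > "$tmp/SUMS" <<'EOF'
5d41402abc4b2a76b9719d911017c592 perl-5.005_03-6.i386.rpm
d41d8cd98f00b204e9800998ecf8427e perl-pod-5.005_03-6.i386.rpm
EOF
    echo "$tmp"
}

# Usage: check the intact fixture, then show that a tampered file is caught.
fx=$(make_fixture)
verify_sums "$fx/SUMS" "$fx"
printf 'tampered' > "$fx/perl-5.005_03-6.i386.rpm"
verify_sums "$fx/SUMS" "$fx" || echo "refusing to install: checksum failure"
rm -rf "$fx"
```

Two caveats. The sums only mean something if the advisory itself is authentic: verify the clearsigned text with gpg --verify against Caldera's published key before trusting the list, otherwise an attacker who can alter the download can alter the sums as well. And MD5 is no longer collision resistant, so for anything newer than this 2000 advisory prefer the signatures or SHA-256 sums the vendor publishes over MD5.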