-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                    Caldera Systems, Inc.  Security Advisory

Subject:                security problem in traceroute
Advisory number:        CSSA-2000-034.0
Issue date:             2000 September, 29
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a bug in the traceroute command that can possibly be used by
   local users to obtain super user privilege.

   There are no exploits available so far, but we encourage our customers
   to upgrade nevertheless.


2. Vulnerable Versions

   System                      Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3       All packages previous to
                               traceroute-1.4a5-9

   OpenLinux eServer 2.3       All packages previous to
   and OpenLinux eBuilder      traceroute-1.4a5-9

   OpenLinux eDesktop 2.4      All packages previous to
                               traceroute-1.4a5-9


3. Solution

   Workaround:

   Remove the setuid bit from traceroute

       chmod u-s /usr/sbin/traceroute

   or uninstall it entirely:

       rpm -e traceroute

   The proper solution is to upgrade to the fixed packages.


4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       10a0865014f9a7adde15b1273a613672  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fhv traceroute-1.4a5-9.i386.rpm


5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       8f65446f8da688c94d7a1090579b987c  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fhv traceroute-1.4a5-9.i386.rpm


6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       45cd9ac95771a444ace0e2275789ba11  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

       rpm -Fhv traceroute-1.4a5-9.i386.rpm


7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7927.


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


9. Acknowledgements

   Thanks to Pekka Savola for discovering the bug, and to Chris Evans.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE51Jk118sy83A/qfwRAn/xAJ9jjBxGq7hmUC/wmJ4WnONm+5PcSwCfXdOK
F2BtVam2XeK9tCdUb9m68Mo=
=Xetc
-----END PGP SIGNATURE-----
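An added audit helper (not part of Caldera's advisory) that ties together the checks an administrator would run from sections 2, 3 and 4.2 to 6.2: is the installed traceroute older than 1.4a5-9, is the binary still setuid, and does a downloaded package match the published MD5 sums. The distribution labels (desktop-2.3, eserver-2.3, edesktop-2.4, any) are this script's own; the sums, paths and fixed release come from the advisory.

```shell
#!/bin/sh
# Added audit helper for CSSA-2000-034.0; not part of Caldera's advisory.
# Labels desktop-2.3 / eserver-2.3 / edesktop-2.4 / any are this script's own.

FIXED_VER="1.4a5-9"                    # fixed version-release (section 2)
TRACEROUTE_BIN="/usr/sbin/traceroute"  # path used by the section 3 workaround

# MD5 sums published in sections 4.2, 5.2 and 6.2: <label> <md5> <file>.
# The source RPM sum is identical in all three sections, hence label "any".
ADVISORY_MD5S="
desktop-2.3  10a0865014f9a7adde15b1273a613672 traceroute-1.4a5-9.i386.rpm
eserver-2.3  8f65446f8da688c94d7a1090579b987c traceroute-1.4a5-9.i386.rpm
edesktop-2.4 45cd9ac95771a444ace0e2275789ba11 traceroute-1.4a5-9.i386.rpm
any          9bccc641518d1e2726b61911913006ba traceroute-1.4a5-9.src.rpm
"

# needs_update VERSION-RELEASE: true when the installed release predates
# FIXED_VER. sort -V (GNU coreutils) orders 1.4a5-8 < 1.4a5-9 < 1.4a5-10.
needs_update() {
    [ "$1" = "$FIXED_VER" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$FIXED_VER" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# is_setuid PATH: true when the file exists and carries the set-user-ID bit.
is_setuid() { [ -u "$1" ]; }

# expected_md5 LABEL FILENAME: print the advisory's sum for that package,
# or nothing if the advisory lists no sum for it.
expected_md5() {
    printf '%s\n' "$ADVISORY_MD5S" |
        awk -v l="$1" -v f="$2" '($1 == l || $1 == "any") && $3 == f { print $2; exit }'
}

# md5_matches EXPECTED PATH: true when md5sum of PATH equals EXPECTED.
md5_matches() {
    actual=$(md5sum "$2" | cut -d' ' -f1)
    [ "$actual" = "$1" ]
}

# audit: report on the running host (rpm --qf is standard rpm query syntax).
audit() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' traceroute 2>/dev/null) ||
        { echo "traceroute is not installed (or rpm is unavailable)"; return 0; }
    needs_update "$installed" &&
        echo "traceroute-$installed predates $FIXED_VER: upgrade (section 3)"
    is_setuid "$TRACEROUTE_BIN" &&
        echo "$TRACEROUTE_BIN is setuid: interim fix is chmod u-s $TRACEROUTE_BIN"
    return 0
}

audit
```

Run `audit` on the host itself; use `expected_md5` and `md5_matches` against a package downloaded from the FTP locations in sections 4.1, 5.1 or 6.1 before installing it with `rpm -Fhv`.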