-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - uucp argument handling problems Advisory number: CSSA-2001-033.0 Issue date: 2001, September 07 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a argument handling problem which allows a local attacker to gain access to the uucp group. Using this access the attacker could use badly written scripts to gain access to the root account. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux 2.3 All packages previous to uucp-1.06.2-8OL OpenLinux eServer 2.3.1 All packages previous to and OpenLinux eBuilder uucp-1.06.2-8OL OpenLinux eDesktop 2.4 All packages previous to uucp-1.06.2-8OL OpenLinux Server 3.1 All packages previous to uucp-1.06.2-8 OpenLinux Workstation 3.1 All packages previous to uucp-1.06.2-8 3. Solution Workaround none The proper solution is to upgrade to the latest packages. 4. OpenLinux 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification dd0f6e46374d62c349bf7a1f618a23a0 RPMS/uucp-1.06.2-8OL.i386.rpm 33b96ff362a261b87f73b2377fa20a5d RPMS/uucp-doc-1.06.2-8OL.i386.rpm e602cfba314e2519e2762bfecac9024c SRPMS/uucp-1.06.2-8OL.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh uucp-1.06.2-8OL.i386.rpm \ uucp-doc-1.06.2-8OL.i386.rpm 5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification ee5c7f9bf1887d3c34f8c232b70a84b7 RPMS/uucp-1.06.2-8OL.i386.rpm 26f7f712e318c63a5deea1474a58e06f RPMS/uucp-doc-1.06.2-8OL.i386.rpm e602cfba314e2519e2762bfecac9024c SRPMS/uucp-1.06.2-8OL.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh uucp-1.06.2-8OL.i386.rpm \ uucp-doc-1.06.2-8OL.i386.rpm 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 1f00b87ce48e72d8a4bd754123d554d4 RPMS/uucp-1.06.2-8OL.i386.rpm c00296b93945c8778c46252e975818d2 RPMS/uucp-doc-1.06.2-8OL.i386.rpm e602cfba314e2519e2762bfecac9024c SRPMS/uucp-1.06.2-8OL.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh uucp-1.06.2-8OL.i386.rpm \ uucp-doc-1.06.2-8OL.i386.rpm 7. OpenLinux 3.1 Server 7.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS 7.2 Verification 4e3b47bc507d48bf9396e70c806d9a8e RPMS/uucp-1.06.2-8.i386.rpm 41cabb92a4eb86310d01c6a6b2f7453b RPMS/uucp-doc-html-1.06.2-8.i386.rpm d06d2cd63b739895ebf82fa361266f16 RPMS/uucp-doc-ps-1.06.2-8.i386.rpm 6f3e6037bd3839380f9a4104e55a9a73 SRPMS/uucp-1.06.2-8.src.rpm 7.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh uucp-1.06.2-8.i386.rpm \ uucp-doc-html-1.06.2-8.i386.rpm \ uucp-doc-ps-1.06.2-8.i386.rpm 8. OpenLinux 3.1 Workstation 8.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS 8.2 Verification 4e3b47bc507d48bf9396e70c806d9a8e RPMS/uucp-1.06.2-8.i386.rpm 41cabb92a4eb86310d01c6a6b2f7453b RPMS/uucp-doc-html-1.06.2-8.i386.rpm d06d2cd63b739895ebf82fa361266f16 RPMS/uucp-doc-ps-1.06.2-8.i386.rpm 6f3e6037bd3839380f9a4104e55a9a73 SRPMS/uucp-1.06.2-8.src.rpm 8.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fvh uucp-1.06.2-8.i386.rpm \ uucp-doc-html-1.06.2-8.i386.rpm \ uucp-doc-ps-1.06.2-8.i386.rpm 9. References This and other Caldera security resources are located at: http://www.caldera.com/support/security/index.html This security fix closes Caldera's internal Problem Report 10430. 10. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. 11. Acknowledgements Caldera International wishes to thank Zen Parse for reporting this problem. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7mLNh18sy83A/qfwRAjufAJ9EDB62Ytxhmm7btRwdaBqFKTefhgCeJLeG N+UBsH+SqoY7LRBr7hIRE48= =ukQY -----END PGP SIGNATURE-----