-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: chfn (util-linux) temp file race vulnerability
Advisory number:        CSSA-2002-043.0
Issue date:             2002 October 29
Cross reference:
______________________________________________________________________________


1. Problem Description

        The util-linux package is vulnerable to privilege escalation because
        the "ptmptmp" temporary file is not removed properly when the "chfn"
        utility is used.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to util-linux-2.11l-5.1.i386.rpm
        OpenLinux 3.1.1 Workstation     prior to util-linux-2.11l-5.1.i386.rpm
        OpenLinux 3.1 Server            prior to util-linux-2.11l-5.1.i386.rpm
        OpenLinux 3.1 Workstation       prior to util-linux-2.11l-5.1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many customers
        find it easier to use the Caldera System Updater, called cupdate (or
        kcupdate under the KDE environment), to update these packages rather
        than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

   4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/RPMS

   4.2 Packages

        98e88787d222b51faabb2e070938f042        util-linux-2.11l-5.1.i386.rpm

   4.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

   4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/SRPMS

   4.5 Source Packages

        ad191ca704a7ce42122be237bd130130        util-linux-2.11l-5.1.src.rpm


5. OpenLinux 3.1.1 Workstation

   5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/RPMS

   5.2 Packages

        41a6998cc6a49350c92e6b39c7fd313b        util-linux-2.11l-5.1.i386.rpm

   5.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

   5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/SRPMS

   5.5 Source Packages

        a94ff2530db09700bcc8ccb245f4c084        util-linux-2.11l-5.1.src.rpm


6. OpenLinux 3.1 Server

   6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/RPMS

   6.2 Packages

        bea4d3169f518c9ce5453befdc6c2372        util-linux-2.11l-5.1.i386.rpm

   6.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

   6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/SRPMS

   6.5 Source Packages

        8eda88f37ed5d3ed98a0e6a2e260fe25        util-linux-2.11l-5.1.src.rpm


7. OpenLinux 3.1 Workstation

   7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/RPMS

   7.2 Packages

        4bdca72dec95ca197a2e623aa940b14e        util-linux-2.11l-5.1.i386.rpm

   7.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

   7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/SRPMS

   7.5 Source Packages

        4bef4047eed39cd905dc20efb8a1a9d7        util-linux-2.11l-5.1.src.rpm


8. References

        Specific references for this advisory:

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
        http://www.kb.cert.org/vuls/id/405955
        http://razor.bindview.com/publish/advisories/adv_chfn.html

        SCO security resources:

        http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr866639, fz521517, erg501629.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information we
        provide on this website and/or through our security advisories. Our
        advisories are a service to our customers intended to promote secure
        installation and use of SCO products.


10. Acknowledgements

        The BindView RAZOR Team discovered and researched this vulnerability.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj2/RG4ACgkQbluZssSXDTHmNgCgndz6p2eQIA8L5Lw2JXxostye
iSMAnjVSEOLQLUJ6x+UWG14tusEGQqnM
=PPsU
-----END PGP SIGNATURE-----
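The installation steps in sections 4 through 7 publish an MD5 checksum next to each binary package. The script below is an added example, not SCO's code: it gates the `rpm -Fvh` step on the downloaded file matching the checksum the advisory lists for the chosen product. It assumes GNU `md5sum` and `cut` are available; the product labels (e.g. `3.1.1/Server`) and the `verify_and_install` helper are names chosen here.

```shell
#!/bin/sh
# Added example (not SCO's code): verify a downloaded util-linux RPM against the
# MD5 checksum published in CSSA-2002-043.0 before handing it to rpm -Fvh.
# The checksums below are the binary-package values from sections 4.2, 5.2,
# 6.2 and 7.2 of the advisory.

# expected_md5 PRODUCT -> prints the advisory's checksum for that product's
# binary RPM; returns 1 for a product the advisory does not cover.
expected_md5() {
    case "$1" in
        3.1.1/Server)      echo 98e88787d222b51faabb2e070938f042 ;;
        3.1.1/Workstation) echo 41a6998cc6a49350c92e6b39c7fd313b ;;
        3.1/Server)        echo bea4d3169f518c9ce5453befdc6c2372 ;;
        3.1/Workstation)   echo 4bdca72dec95ca197a2e623aa940b14e ;;
        *) return 1 ;;
    esac
}

# checksum_matches FILE EXPECTED -> 0 if FILE's MD5 equals EXPECTED, else 1.
checksum_matches() {
    actual=$(md5sum "$1" | cut -d' ' -f1)   # assumes GNU coreutils md5sum
    [ "$actual" = "$2" ]
}

# verify_and_install PRODUCT FILE [INSTALL_CMD]
# Runs INSTALL_CMD (default: the advisory's "rpm -Fvh") only when FILE
# matches the checksum published for PRODUCT; refuses otherwise.
verify_and_install() {
    product=$1; file=$2; install_cmd=${3:-"rpm -Fvh"}
    expected=$(expected_md5 "$product") || {
        echo "unknown product: $product" >&2; return 2; }
    if checksum_matches "$file" "$expected"; then
        echo "checksum OK for $file ($product)"
        $install_cmd "$file"
    else
        echo "checksum MISMATCH for $file ($product); not installing" >&2
        return 1
    fi
}

# Usage, after fetching the package from the location listed for the product:
#   verify_and_install 3.1.1/Server util-linux-2.11l-5.1.i386.rpm
```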