(SCO Releases Fix) Re: Cron Utility Allows Local Users to Obtain Root-Level Privileges
|
SecurityTracker Alert ID: 1001869 |
SecurityTracker URL: http://securitytracker.com/id/1001869
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 28 2001
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 3.0pl1-57.3
|
Description:
A vulnerability was reported in the Vixie cron utility that allows local users to obtain root-level privileges on the host.
It is reported that a recent (fall 2000) security fix to cron introduced this vulnerability. The utility apparently does not properly release privileges before invoking the editor, allowing a local user to execute commands on the host with root-level privileges.
|
Impact:
A local user can execute commands on the host with root-level privileges, thereby obtaining root level access to the host.
|
Solution:
SCO has released a fix for UnixWare 7. The fixed binaries are available at: ftp://ftp.sco.com/pub/security/unixware/sr847406/
|
Vendor URL: www.debian.org/security/ (Links to External Site)
|
Cause:
State error
|
Underlying OS: UNIX (Open UNIX-SCO)
|
Underlying OS Comments: UnixWare 7
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Subject: Security Update: [CSSA-2001-SCO.3] UnixWare - cron buffer overflow
|
--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
To: bugtraq@securityfocus.com security-announce@lists.securityportal.com
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: UnixWare - cron buffer overflow
Advisory number: CSSA-2001-SCO.3
Issue date: 2001 June, 27
Cross reference:
___________________________________________________________________________
1. Problem Description
The cron command is vulnerable to a command line argument
buffer overflow. This could allow a process to execute
arbitrary code, allowing a malicious user to gain elevated
privileges.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/bin/crontab
3. Workaround
None.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/unixware/sr847406/
4.2 Verification
md5 checksums:
2f00acf514126ad9e8bced6ceb7bb66e erg711714a.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711714a.Z
# pkgadd -d /tmp/erg711714a
5. References
http://www.calderasystems.com/support/security/index.html
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International, Inc. products.
___________________________________________________________________________
--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjs6ZusACgkQaqoBO7ipriE87gCeKoXcOH0LqYI2vI9H4zA1mocr
eQoAoIhWeUrIl1SHEGLEVieV/YS4tqTm
=EAMl
-----END PGP SIGNATURE-----
--3MwIy2ne0vdjdPXF--
|
|