SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Docview Vendors:   Caldera/SCO
Caldera Docview Documentation Web Server Lets Local Users Gain Httpd User Account Privileges
SecurityTracker Alert ID:  1002034
SecurityTracker URL:  http://securitytracker.com/id/1002034
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 17 2001
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera reported a vulnerability with their package of the Docview documentation web server. The security hole allows local users to gain access to the httpd user account.

Docview is a set of CGI scripts that are designed to provide documentation over http. One of the CGI scripts reportedly contains an argument validation error that allows a local user to supply a specially crafted argument and cause commands to be executed by the web server. This can give the local user web server (httpd) user account privileges.

Impact:   A local user can cause commands to be executed with the privileges of the web server (httpd user account).
Solution:   The vendor has released a fix. See the Source Message for the vendor's advisory.
Vendor URL:  www.calderasystems.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Caldera/SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2001-026.0] Linux - docview local httpd exploit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - docview local httpd exploit
Advisory number: 	CSSA-2001-026.0
Issue date: 		2001, July 17
Cross reference:
______________________________________________________________________________


1. Problem Description

   Docview is a set of CGI scripts providing documentation over http. A
   argument validation problem in one of the CGI scripts made it possible
   for a local attacker to gain access to the 'httpd' account.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 not vulnerable                
   
   OpenLinux eServer 2.3.1       not vulnerable                
   and OpenLinux eBuilder                                      
   
   OpenLinux eDesktop 2.4        not vulnerable                
   
   OpenLinux Server 3.1          All packages previous to      
                                 docview-1.0-15                
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 docview-1.0-15                
   


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    not vulnerable

6. OpenLinux eDesktop 2.4

    not vulnerable

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       12edf4ca1adbda9d9c94ad57aab52b44  RPMS/docview-1.0-15.i386.rpm
       f7c3ec4d5bf75ab7517f1b8609500d96  SRPMS/docview-1.0-15.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /etc/rc.d/init.d/docview stop
         rpm -Fvh docview-1.0-15.i386.rpm
         /etc/rc.d/init.d/docview start

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       12edf4ca1adbda9d9c94ad57aab52b44  RPMS/docview-1.0-15.i386.rpm
       f7c3ec4d5bf75ab7517f1b8609500d96  SRPMS/docview-1.0-15.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	 /etc/rc.d/init.d/docview stop
         rpm -Fvh docview-1.0-15.i386.rpm
         /etc/rc.d/init.d/docview start


9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10194.

10. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7U/ta18sy83A/qfwRAsgLAJ0SzUMvruOXxLBtNs3h8hciT2OhsACdGlRc
LKCGNLy+I/w2eBMLNeEPKag=
=n9om
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC