SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Taylor UUCP Vendors:   Taylor, Ian Lance
(Caldera Issues Fix) Taylor UUCP Input Validation Flaw Allows Local Users to Elevate Privileges
SecurityTracker Alert ID:  1002382
SecurityTracker URL:  http://securitytracker.com/id/1002382
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 10 2001
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): uucp-1.06.1-25
Description:   A vulnerability was reported in Taylor UUCP. An argument handling flaw in a component of the Taylor UUCP package allows local users to obtain 'uucp' user and group privileges.

The uuxqt module (the UUCP execution daemon), which is designed to remove arguments that appear dangerous before execution, reportedly fails to remove long arguments. This allows a local user to cause cammands to be executed on the system with uucp privileges.

On OpenBSD 2.8 (and probably others), this reportedly indirectly allows root compromise. A local user can exploit the vulnerability to overwrite the uucp owned program /usr/bin/uustat, where arbitrary commands may be executed as part of the /etc/daily crontab script.

On Redhat 7.0 (and probably others), this reportedly indirectly allows a local user to create empty files as root execute commands as if logged in at the console.

Additional demonstration exploit information is provided in the Source Message.

Impact:   A local user can cause arbitrary commands to be executed on the system with 'uucp' user and group privileges, giving the local user 'uucp' level permissions on the system.
Solution:   The vendor has released a fix. See the Source Message for the vendor's advisory containing directions on how to obtain the appropriate fix.
Vendor URL:  www.airs.com/ian/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Caldera/SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 8 2001 Taylor UUCP Input Validation Flaw Allows Local Users to Elevate Privileges



 Source Message Contents

Subject:  Security Update [CSSA-033.0]Linux - uucp argument handling problems


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera International, Inc.  Security Advisory

Subject:		Linux - uucp argument handling problems
Advisory number: 	CSSA-2001-033.0
Issue date: 		2001, September 07
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a argument handling problem which allows a local attacker to
   gain access to the uucp group. Using this access the attacker could
   use badly written scripts to gain access to the root account.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 All packages previous to      
                                 uucp-1.06.2-8OL               
   
   OpenLinux eServer 2.3.1       All packages previous to      
   and OpenLinux eBuilder        uucp-1.06.2-8OL               
   
   OpenLinux eDesktop 2.4        All packages previous to      
                                 uucp-1.06.2-8OL               
   
   OpenLinux Server 3.1          All packages previous to      
                                 uucp-1.06.2-8                 
   
   OpenLinux Workstation 3.1     All packages previous to      
                                 uucp-1.06.2-8                 
   
3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       dd0f6e46374d62c349bf7a1f618a23a0  RPMS/uucp-1.06.2-8OL.i386.rpm
       33b96ff362a261b87f73b2377fa20a5d  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
       e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
       

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
              uucp-doc-1.06.2-8OL.i386.rpm
         

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       ee5c7f9bf1887d3c34f8c232b70a84b7  RPMS/uucp-1.06.2-8OL.i386.rpm
       26f7f712e318c63a5deea1474a58e06f  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
       e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
       

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
              uucp-doc-1.06.2-8OL.i386.rpm
         

6. OpenLinux eDesktop 2.4

    6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       1f00b87ce48e72d8a4bd754123d554d4  RPMS/uucp-1.06.2-8OL.i386.rpm
       c00296b93945c8778c46252e975818d2  RPMS/uucp-doc-1.06.2-8OL.i386.rpm
       e602cfba314e2519e2762bfecac9024c  SRPMS/uucp-1.06.2-8OL.src.rpm
       

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh uucp-1.06.2-8OL.i386.rpm \
              uucp-doc-1.06.2-8OL.i386.rpm
         

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       4e3b47bc507d48bf9396e70c806d9a8e  RPMS/uucp-1.06.2-8.i386.rpm
       41cabb92a4eb86310d01c6a6b2f7453b  RPMS/uucp-doc-html-1.06.2-8.i386.rpm
       d06d2cd63b739895ebf82fa361266f16  RPMS/uucp-doc-ps-1.06.2-8.i386.rpm
       6f3e6037bd3839380f9a4104e55a9a73  SRPMS/uucp-1.06.2-8.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh uucp-1.06.2-8.i386.rpm \
              uucp-doc-html-1.06.2-8.i386.rpm \
              uucp-doc-ps-1.06.2-8.i386.rpm
         

8. OpenLinux 3.1 Workstation

    8.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

   8.2 Verification

       4e3b47bc507d48bf9396e70c806d9a8e  RPMS/uucp-1.06.2-8.i386.rpm
       41cabb92a4eb86310d01c6a6b2f7453b  RPMS/uucp-doc-html-1.06.2-8.i386.rpm
       d06d2cd63b739895ebf82fa361266f16  RPMS/uucp-doc-ps-1.06.2-8.i386.rpm
       6f3e6037bd3839380f9a4104e55a9a73  SRPMS/uucp-1.06.2-8.src.rpm
       

   8.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh uucp-1.06.2-8.i386.rpm \
              uucp-doc-html-1.06.2-8.i386.rpm \
              uucp-doc-ps-1.06.2-8.i386.rpm
         

9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10430.


10. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

11. Acknowledgements

   Caldera International wishes to thank Zen Parse for reporting this
   problem.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7mLNh18sy83A/qfwRAjufAJ9EDB62Ytxhmm7btRwdaBqFKTefhgCeJLeG
N+UBsH+SqoY7LRBr7hIRE48=
=ukQY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC