SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Sort Vendors:   Caldera/SCO
Caldera 'sort' Command for UnixWare and Open UNIX Has Temporary File Security Hole That May Let Local Users Obtain Elevated Privileges
SecurityTracker Alert ID:  1003354
SecurityTracker URL:  http://securitytracker.com/id/1003354
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 25 2002
Impact:   Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera reported a security vulnerability in the 'sort' utility for Caldera Open UNIX and UnixWare. A local user could obtain elevated privileges on the host.

It is reported that the 'sort' command creates temporary files in an insecure manner. This could be used by a local user to gain elevated privileges.

The affected file is /usr/bin/sort.

No further details were provided.

Impact:   A local user could obtain elevated privileges on the host.
Solution:   The vendor has released fixed binaries, available at:

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/

The verification checksum is:

MD5 (erg711766.Z) = 7e640423400147d3c1c905c1ad0cfe23

Upgrade the affected binaries with the following commands:

Download erg711766.Z to the /tmp directory

# uncompress /tmp/erg711766.Z
# pkgadd -d /tmp/erg711766

Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7 version 7.1.*, Open UNIX version 8.0.0

Message History:   This archive entry has one or more follow-up message(s) listed below.
(SGI Issues Fix) 'sort' Command Has Temporary File Security Hole That May Let Local Users Obtain Elevated Privileges
The vendor has released a fix.
(Caldera Issues Fix for OpenServer) Caldera 'sort' Command for UnixWare and Open UNIX Has Temporary File Security Hole That May Let Local Users Obtain Elevated Privileges
The vendor has released a fix for OpenServer.



 Source Message Contents

Subject:  Open UNIX, UnixWare 7: sort creates temporary files insecurely


This is a multi-part message in MIME format.
--------------D150F7BE9D47A7CD3DF4710F
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/CSSA-2002-SCO.2.txt
--------------D150F7BE9D47A7CD3DF4710F
Content-Type: text/plain; charset=us-ascii;
 name="CSSA-2002-SCO.2.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="CSSA-2002-SCO.2.txt"

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: sort creates temporary files insecurely
Advisory number: 	CSSA-2002-SCO.2
Issue date: 		2002 January 24
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	The sort command created temporary files in an insecure
	manner. This could be used by an unauthorized user to gain
	privilege.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		7.1.*		/usr/bin/sort
	Open UNIX		8.0.0		/usr/bin/sort


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/


  4.2 Verification

	md5 checksums:
	
	MD5 (erg711766.Z) = 7e640423400147d3c1c905c1ad0cfe23


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg711766.Z to the /tmp directory

	# uncompress /tmp/erg711766.Z
	# pkgadd -d /tmp/erg711766


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr848816, fz518198, erg711766.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.

	 
___________________________________________________________________________

--------------D150F7BE9D47A7CD3DF4710F--



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC