SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   mm library
Vendors:   Engelschall, Ralf S.
(Caldera Issues Fix for OpenLinux) 'mm' Shared Memory Allocation Library Temporary File Race Condition May Allow Local Users to Gain Elevated Privileges
SecurityTracker Alert ID:  1004895
SecurityTracker URL:  http://securitytracker.com/id/1004895
CVE Reference:   CVE-2002-0658   (Links to External Site)
Date:  Jul 31 2002
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.2.0
Description:   A vulnerability was reported in the 'mm' shared memory allocation library. A local user may be able to obtain elevated privileges on the system.

It was reported that the OSSP 'mm' library (used by the Apache web server) contains a race condition vulnerability that may allow a local user to obtain root privileges on the system. The flaw is caused by insecure creation of temporary files. No further details were provided.

Marcus Meissner and Sebastian Krahmer are credited with discovering the flaw.
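The bug class the description names, as an added example written for this page (not libmm's or Caldera's code): an unsafe temporary-file open beside its hardened form, exercised against a constructed symlink in a private scratch directory; the directory and file names are assumptions.

```c
/* Added example (not libmm's code): the temp-file race class this advisory
 * names, contrasting an unsafe open of a predictable temp path with a safe one. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Unsafe: O_CREAT without O_EXCL follows whatever a local user planted
 * at the path (here a symlink) and truncates its target. */
int open_temp_unsafe(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes create-and-open atomic and fails (EEXIST) if
 * anything, a symlink included, already exists at the path; O_NOFOLLOW
 * rejects symlinks on any non-creating code path as well. */
int open_temp_safe(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: a symlink is already
 * sitting where the library wants its temp file. Returns 0 when the safe
 * open refuses it while the unsafe one follows it, -1 otherwise. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/mmrace.XXXXXX", victim[64], tmp[64];
    int rc = -1, fd, safe_fd = -1, unsafe_fd = -1, saved_errno;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/mm.tmp", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600); /* stands in for a sensitive file */
    if (fd < 0) goto cleanup;
    close(fd);
    if (symlink(victim, tmp) != 0) goto cleanup;

    safe_fd = open_temp_safe(tmp);     /* expected to fail with EEXIST */
    saved_errno = errno;
    unsafe_fd = open_temp_unsafe(tmp); /* follows the link and truncates victim */
    if (safe_fd < 0 && saved_errno == EEXIST && unsafe_fd >= 0) rc = 0;
cleanup:
    if (safe_fd >= 0) close(safe_fd);
    if (unsafe_fd >= 0) close(unsafe_fd);
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return rc;
}
```

The same refusal is what mkstemp(3) gives you for free; the point of the block is that the flag set, not the name randomness alone, decides whether a planted link is followed.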

Impact:   A local user (or a remote user with Apache user account shell access) may be able to obtain elevated privileges on the system.
Solution:   Caldera has released a fix for OpenLinux. Package locations, MD5 checksums and installation commands are given in the Caldera advisory (CSSA-2002-032.0) reproduced below.

Vendor URL:  www.ossp.org/pkg/lib/mm/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux 3.1 and 3.1.1; Workstation and Server

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 'mm' Shared Memory Allocation Library Temporary File Race Condition May Allow Local Users to Gain Elevated Privileges



Source Message Contents

Subject:  Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm


To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: temporary file races in libmm
Advisory number: 	CSSA-2002-032.0
Issue date: 		2002 July 30
Cross reference:
______________________________________________________________________________


1. Problem Description

	The OSSP mm library (libmm) allows a local Apache user to gain
	privileges via temporary files, possibly via a symbolic link.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apache-1.3.22-6.2.i386.rpm
					prior to apache-devel-1.3.22-6.2.i386.rpm
					prior to apache-doc-1.3.22-6.2.i386.rpm
					prior to mm-1.1.3-6.i386.rpm
					prior to mm-devel-1.1.3-6.i386.rpm
					prior to mm-devel-static-1.1.3-6.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to apache-1.3.22-6.2.i386.rpm
					prior to apache-devel-1.3.22-6.2.i386.rpm
					prior to apache-doc-1.3.22-6.2.i386.rpm
					prior to mm-1.1.3-6.i386.rpm
					prior to mm-devel-1.1.3-6.i386.rpm
					prior to mm-devel-static-1.1.3-6.i386.rpm

	OpenLinux 3.1 Server		prior to apache-1.3.22-6.2.i386.rpm
					prior to apache-devel-1.3.22-6.2.i386.rpm
					prior to apache-doc-1.3.22-6.2.i386.rpm
					prior to mm-1.1.3-6.i386.rpm
					prior to mm-devel-1.1.3-6.i386.rpm
					prior to mm-devel-static-1.1.3-6.i386.rpm

	OpenLinux 3.1 Workstation	prior to apache-1.3.22-6.2.i386.rpm
					prior to apache-devel-1.3.22-6.2.i386.rpm
					prior to apache-doc-1.3.22-6.2.i386.rpm
					prior to mm-1.1.3-6.i386.rpm
					prior to mm-devel-1.1.3-6.i386.rpm
					prior to mm-devel-static-1.1.3-6.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-032.0/RPMS

	4.2 Packages

	288b4b7f04fd6f86c57a37600445fad2	apache-1.3.22-6.2.i386.rpm
	0fb7cb950273fa4033c9b3e7ae0c866c	apache-devel-1.3.22-6.2.i386.rpm
	58b2239773abb64736cdae47e974f5bd	apache-doc-1.3.22-6.2.i386.rpm
	e90244e70b6637fd4a6e0b996790027e	mm-1.1.3-6.i386.rpm
	12beafe3a80add0b0d259f3862618888	mm-devel-1.1.3-6.i386.rpm
	bbe13db9994ae59d6a9e02e82d767bb9	mm-devel-static-1.1.3-6.i386.rpm

	4.3 Installation

	rpm -Fvh apache-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
	rpm -Fvh mm-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-032.0/SRPMS

	4.5 Source Packages

	3f1508fed9c5a7120e948d2f23fa5a07	apache-1.3.22-6.2.src.rpm
	9437d47263c28b7efc3fa32fd0b7e2bf	mm-1.1.3-6.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-032.0/RPMS

	5.2 Packages

	5d88563f7a3f648cd0ba177866b4c7f4	apache-1.3.22-6.2.i386.rpm
	a91ea79523076fa7f71f008242455c74	apache-devel-1.3.22-6.2.i386.rpm
	5ef1e68029253f18df3a86243f43b38e	apache-doc-1.3.22-6.2.i386.rpm
	a9380214993caaf1664390d6107a9d99	mm-1.1.3-6.i386.rpm
	9dce92bf81c56f29222e7f686f156463	mm-devel-1.1.3-6.i386.rpm
	4f36db29f5eb08fec4a9ee5074e6731a	mm-devel-static-1.1.3-6.i386.rpm

	5.3 Installation

	rpm -Fvh apache-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
	rpm -Fvh mm-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-032.0/SRPMS

	5.5 Source Packages

	b9ccef42f9e9878381532b4959f52f2a	apache-1.3.22-6.2.src.rpm
	bd8d1a94fa5ca11a87a64580d9e82bcc	mm-1.1.3-6.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-032.0/RPMS

	6.2 Packages

	a93ed3ebd0aa817d400160468c3fe3a1	apache-1.3.22-6.2.i386.rpm
	58d3e98367b84159223bac4b69b1bdd6	apache-devel-1.3.22-6.2.i386.rpm
	ec2c93fa309fe29a90f593da3db71af8	apache-doc-1.3.22-6.2.i386.rpm
	3391fb0b8505b0ec0c3c8f3370508fc9	mm-1.1.3-6.i386.rpm
	c72a0338d81452ab4932b6c1de82f0cc	mm-devel-1.1.3-6.i386.rpm
	4471799937497c53c5d4ccde411a64fe	mm-devel-static-1.1.3-6.i386.rpm

	6.3 Installation

	rpm -Fvh apache-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
	rpm -Fvh mm-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-032.0/SRPMS

	6.5 Source Packages

	4895bc8f8bf5567a467332a7ff129492	apache-1.3.22-6.2.src.rpm
	4a0cd7bdf6a7d6ebe769a96e0e25a83c	mm-1.1.3-6.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-032.0/RPMS

	7.2 Packages

	ab902357aade4b77427442c6cef70510	apache-1.3.22-6.2.i386.rpm
	8bf8a482b851db023e8a8942e25321e7	apache-devel-1.3.22-6.2.i386.rpm
	114f59b93d19be1cdb95087f8a17d9ce	apache-doc-1.3.22-6.2.i386.rpm
	c060a276958dd1b376b93512d0522fdf	mm-1.1.3-6.i386.rpm
	7e878f082b49816f76c1e7949128c85b	mm-devel-1.1.3-6.i386.rpm
	665f6d290d6df6594077df97df4d892f	mm-devel-static-1.1.3-6.i386.rpm

	7.3 Installation

	rpm -Fvh apache-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
	rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
	rpm -Fvh mm-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-1.1.3-6.i386.rpm
	rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-032.0/SRPMS

	7.5 Source Packages

	b0ae3b8ddbd4d09f7fb312cf14a1db8c	apache-1.3.22-6.2.src.rpm
	94367d892d24215d3e1b6581c1b4e8d3	mm-1.1.3-6.src.rpm


8. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
		http://www.ossp.org/pkg/lib/mm/

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr867252, fz525663,
	erg501638.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Sebastian Krahmer and Marcus Meissner discovered and
	researched this vulnerability.

______________________________________________________________________________

