UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.
|
|
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: uucp
Announcement-ID: SuSE-SA:2001:38
Date: Wednesday, October 31th, 2001 15.06 MEST
Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: local privilege escalations (probably root)
Severity (1-10): 5
SuSE default package: no
Other affected systems: all liunx-like systems using this version
of uucp
Content of this advisory:
1) security vulnerability resolved: uucp
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
UUCP is a well known tool suite for copying data between unix-like
systems. Zen-Parse reported that the higher privileges of uux (UID
uucp) aren't dropped if long options instead of normal (short) options
are used. An attacker could exploit this hole, by specifying a malicious
configuration file to execute and/or access arbitrary data with the
privilege of user uucp.
As a temporary fix, you could either uninstall uucp from your system,
if not needed:
- rpm -e uucp
or remove the set[ug]id bit
- chmod ug-s /usr/bin/uux
Please, don't forget to add the permissions settings accordingly to
your /etc/permissions.local file.
Download the update package from locations described below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/uucp-1.06.1-333.i386.rpm
aec2eff9ec839494416563a39e72e57d
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/uucp-1.06.1-334.i386.rpm
7a217616d5fb2a5b97378d1ae11157db
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/uucp-1.06.1-334.i386.rpm
bcb88eac8dfa4116c7f70b9d1ac1b483
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/uucp-1.06.1-333.i386.rpm
d9863b92f8d4e8edf7815b7b6b4bcca1
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/uucp-1.06.1-333.i386.rpm
8a484013119b91cd51f20de850ca9104
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/uucp-1.06.1-333.i386.rpm
2c4f73d6edf52d55ef279ed9e1b1456f
Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/uucp-1.06.1-228.sparc.rpm
4ac19a1bbbdc07719ed91f6ae13d95b3
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/uucp-1.06.1-228.sparc.rpm
112361714c8515a9a5e6142e7ade70c8
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/uucp-1.06.1-227.alpha.rpm
1dca3f2767ba8be87b03932258ee6c2c
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/uucp-1.06.1-227.alpha.rpm
d54fa66ef530df2ac25fa133a5d8d67b
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/uucp-1.06.1-227.alpha.rpm
d13335ad5561f59b2ad53424a977184c
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/uucp-1.06.1-227.alpha.rpm
456e11eb134f30b6056014d76351c31c
PPC Power PC Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/uucp-1.06.1-225.ppc.rpm
d586b5fc6551da4ddebf646e686d957c
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/uucp-1.06.1-225.ppc.rpm
2eda36d95758053066f552cd6284c53a
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/uucp-1.06.1-225.ppc.rpm
1157d1b6ebfcc36d425957a27bfa7c85
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- openssh
After stabilizing the openssh package, updates for the distributions
6.4-7.2 are currently being prepared. The update packages fix a security
problem related to the recently discovered problems with source ip
based access restrictions in a user's ~/.ssh/authorized_keys2 file.
The packages will appear shortly on our ftp servers. Please note that
packages for the distributions 6.3 and up including 7.0 containing
cryptographic software are located on the German ftp server http://ftp.suse.de,
all other packages can be found on http://ftp.suse.com at the usual location.
We will issue a dedicated Security announcement for the openssh package.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.
===============================================
SuSE's security contact is <security@suse.com>.
===============================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBO+ASz3ey5gA9JdPZAQGtCgf9FtRZ3n+VH3ZtfoI8lu6k7qkedqqa0Igb
Utkko7jBCuD5GTvFpUtH3n2mm8kH++Z2DiSSgacj0OQJXl+pcdUtpSHnEYrtYiIy
RZXIE92uMVf6HIYXCdOsAyhsEytB1P23dyW1fK1wBPF3AJXc/l5++gG/rwAB+W3r
VY/JM2FVzTpAb3FsCUv3bwPy4/LMaJefqTErPkF7/MxclBX7AMnvbqxqqN8/1l1M
JRUcONwRnM3rYRvqby9/bYTrKCvpX/wNE6Gl/SXqkYGMAs1qTMJK069Oozk7Rr3d
GiVs/dTlhCFsSdlSB2XOsUFj8GwgCm4qWLRINOUdFCX2eyL8DrgUEw==
=bY/S
-----END PGP SIGNATURE-----
Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84
--
To unsubscribe, e-mail: suse-security-announce-unsubscribe@suse.com
For additional commands, e-mail: suse-security-announce-help@suse.com |