SuSE: 'uucp' local privilege escalation

    Date: 31 Oct 2001
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An attacker could exploit this hole by specifying a malicious configuration file in order to execute and/or access arbitrary data with the privileges of user uucp.
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:                uucp
            Announcement-ID:        SuSE-SA:2001:38
            Date:                   Wednesday, October 31st, 2001 15.06 MEST
            Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3
            Vulnerability Type:     local privilege escalations (probably root)
            Severity (1-10):        5
            SuSE default package:   no
            Other affected systems: all linux-like systems using this version
                                    of uucp
    
            Content of this advisory:
            1) security vulnerability resolved: uucp
               problem description, discussion, solution and upgrade information
            2) pending vulnerabilities, solutions, workarounds
            3) standard appendix (further information)
    
    ______________________________________________________________________________
    
    1)  problem description, brief discussion, solution, upgrade information
    
        UUCP is a well known tool suite for copying data between unix-like
        systems. Zen-Parse reported that the higher privileges of uux (UID
        uucp) aren't dropped if long options instead of normal (short) options
        are used. An attacker could exploit this hole by specifying a malicious
        configuration file in order to execute and/or access arbitrary data
        with the privileges of user uucp.
    
        As a temporary fix, you could either uninstall uucp from your system,
        if not needed:
          - rpm -e uucp
        or remove the set[ug]id bit
          - chmod ug-s /usr/bin/uux
    
        Please don't forget to add the corresponding permission settings to
        your /etc/permissions.local file.
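
The temporary fix above can be checked with a small script. This is an added example, not part of the SuSE advisory; the function names and the `path owner:group mode` line format assumed for /etc/permissions.local are assumptions.

```shell
#!/bin/sh
# Added example: audit the advisory's temporary fix (chmod ug-s plus a matching
# /etc/permissions.local entry). Paths are arguments so it runs on scratch files.

# has_setid FILE: succeeds if FILE carries the setuid or setgid bit.
has_setid() { [ -u "$1" ] || [ -g "$1" ]; }

# local_mode PERMFILE PATH: print the last mode recorded for PATH.
# Assumed line format: "<path> <owner>:<group> <octal mode>"; '#' starts a comment.
local_mode() {
    awk -v p="$2" '!/^[ \t]*#/ && $1 == p { m = $3 } END { if (m != "") print m }' "$1"
}

# mode_is_clean MODE: succeeds only if MODE is octal and has neither the
# setuid (4000) nor the setgid (2000) bit.
mode_is_clean() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    [ $(( 0$1 & 06000 )) -eq 0 ]
}

# audit_uux BINARY PERMFILE: print findings; succeed only if the binary has no
# set[ug]id bit and PERMFILE records a mode without one (or it is uninstalled).
audit_uux() {
    bin=$1; perms=$2; rc=0
    if [ ! -e "$bin" ]; then
        echo "OK: $bin is not installed"
        return 0
    fi
    if has_setid "$bin"; then
        echo "FAIL: $bin still has a set[ug]id bit"
        rc=1
    fi
    mode=$(local_mode "$perms" "$bin" 2>/dev/null) || mode=
    if [ -z "$mode" ]; then
        echo "FAIL: no entry for $bin in $perms"
        rc=1
    elif ! mode_is_clean "$mode"; then
        echo "FAIL: $perms records mode $mode for $bin"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: workaround applied and recorded"; fi
    return "$rc"
}

# Audit the real paths only when invoked with "--check".
if [ "${1:-}" = "--check" ]; then
    audit_uux /usr/bin/uux /etc/permissions.local
fi
```
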
    
    
        Download the update package from locations described below and install
        the package with the command `rpm -Uhv file.rpm'. The md5sum for each
        file is in the line below. You can verify the integrity of the rpm
        files using the command
            `rpm --checksig --nogpg file.rpm',
        independently from the md5 signatures below.
    
    
    
        i386 Intel Platform:
    
        SuSE-7.3
         ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/uucp-1.06.1-333.i386.rpm
          aec2eff9ec839494416563a39e72e57d
        SuSE-7.2
         ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/uucp-1.06.1-334.i386.rpm
          7a217616d5fb2a5b97378d1ae11157db
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/uucp-1.06.1-334.i386.rpm
          bcb88eac8dfa4116c7f70b9d1ac1b483
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/uucp-1.06.1-333.i386.rpm
          d9863b92f8d4e8edf7815b7b6b4bcca1
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/uucp-1.06.1-333.i386.rpm
          8a484013119b91cd51f20de850ca9104
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/uucp-1.06.1-333.i386.rpm
          2c4f73d6edf52d55ef279ed9e1b1456f
    
    
    
        Sparc Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/uucp-1.06.1-228.sparc.rpm
          4ac19a1bbbdc07719ed91f6ae13d95b3
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/uucp-1.06.1-228.sparc.rpm
          112361714c8515a9a5e6142e7ade70c8
    
    
    
        AXP Alpha Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/uucp-1.06.1-227.alpha.rpm
          1dca3f2767ba8be87b03932258ee6c2c
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/uucp-1.06.1-227.alpha.rpm
          d54fa66ef530df2ac25fa133a5d8d67b
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/uucp-1.06.1-227.alpha.rpm
          d13335ad5561f59b2ad53424a977184c
        SuSE-6.3
         ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/uucp-1.06.1-227.alpha.rpm
          456e11eb134f30b6056014d76351c31c
    
    
    
        PPC Power PC Platform:
    
        SuSE-7.1
         ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/uucp-1.06.1-225.ppc.rpm
          d586b5fc6551da4ddebf646e686d957c
        SuSE-7.0
         ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/uucp-1.06.1-225.ppc.rpm
          2eda36d95758053066f552cd6284c53a
        SuSE-6.4
         ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/uucp-1.06.1-225.ppc.rpm
          1157d1b6ebfcc36d425957a27bfa7c85
    
    
    ______________________________________________________________________________
    
    2)  Pending vulnerabilities in SuSE Distributions and Workarounds:
    
        - openssh
          After stabilizing the openssh package, updates for the distributions
          6.4-7.2 are currently being prepared. The update packages fix a security
          problem related to the recently discovered problems with source ip
          based access restrictions in a user's ~/.ssh/authorized_keys2 file.
          The packages will appear shortly on our ftp servers. Please note that
          packages for the distributions 6.3 and up including 7.0 containing
          cryptographic software are located on the German ftp server ftp.suse.de,
          all other packages can be found on ftp.suse.com at the usual location.
          We will issue a dedicated Security announcement for the openssh package.
    
    
    ______________________________________________________________________________
    
    3)  standard appendix:
    
        SuSE runs two security mailing lists to which any interested party may
        subscribe:
    
        [email address not preserved]
            -   general/linux/SuSE security discussion.
                All SuSE security announcements are sent to this list.
                To subscribe, send an email to
                    <[email address not preserved]>.

        [email address not preserved]
            -   SuSE's announce-only mailing list.
                Only SuSE's security announcements are sent to this list.
                To subscribe, send an email to
                    <[email address not preserved]>.

        For general information or the frequently asked questions (faq)
        send mail to:
            <[email address not preserved]> or
            <[email address not preserved]> respectively.

        ===============================================
        SuSE's security contact is <[email address not preserved]>.
        ===============================================
    
    ______________________________________________________________________________
    
        The information in this advisory may be distributed or reproduced,
        provided that the advisory is not modified in any way.
        SuSE GmbH makes no warranties of any kind whatsoever with respect
        to the information contained in this security advisory.
    
    
    
    
    