Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[Full-Disclosure] Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability

From: security () caldera com
Date: Tue, 29 Oct 2002 17:25:32 -0800
To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: chfn (util-linux) temp file race vulnerability 
Advisory number:        CSSA-2002-043.0
Issue date:             2002 October 29
Cross reference:
______________________________________________________________________________


1. Problem Description

        The util-linux package vulnerable to privilege escalation when the
        "ptmptmp" file is not removed properly when using "chfn" utility.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to util-linux-2.11l-5.1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to util-linux-2.11l-5.1.i386.rpm

        OpenLinux 3.1 Server            prior to util-linux-2.11l-5.1.i386.rpm

        OpenLinux 3.1 Workstation       prior to util-linux-2.11l-5.1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/RPMS

        4.2 Packages

        98e88787d222b51faabb2e070938f042        util-linux-2.11l-5.1.i386.rpm

        4.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/SRPMS

        4.5 Source Packages

        ad191ca704a7ce42122be237bd130130        util-linux-2.11l-5.1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/RPMS

        5.2 Packages

        41a6998cc6a49350c92e6b39c7fd313b        util-linux-2.11l-5.1.i386.rpm

        5.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/SRPMS

        5.5 Source Packages

        a94ff2530db09700bcc8ccb245f4c084        util-linux-2.11l-5.1.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/RPMS

        6.2 Packages

        bea4d3169f518c9ce5453befdc6c2372        util-linux-2.11l-5.1.i386.rpm

        6.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/SRPMS

        6.5 Source Packages

        8eda88f37ed5d3ed98a0e6a2e260fe25        util-linux-2.11l-5.1.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/RPMS

        7.2 Packages

        4bdca72dec95ca197a2e623aa940b14e        util-linux-2.11l-5.1.i386.rpm

        7.3 Installation

        rpm -Fvh util-linux-2.11l-5.1.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/SRPMS

        7.5 Source Packages

        4bef4047eed39cd905dc20efb8a1a9d7        util-linux-2.11l-5.1.src.rpm


8. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
                http://www.kb.cert.org/vuls/id/405955
                http://razor.bindview.com/publish/advisories/adv_chfn.html

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr866639, fz521517,
        erg501629.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        The BindView RAZOR Team discovered and researched this
        vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: