Subject: Caldera Security Advisory SA-1997.26: Vulnerability in perl-5.003

Caldera Security Advisory SA-1997.26

Original report date: 13-Nov-1997
RPM build date:       13-Nov-1997
Advisory issue date:  18-Nov-1997

Topic: Vulnerability in the perl-5.003 package

I. Problem Description

   Any user can gain root privileges on an Intel Linux system with
   suidperl 5.003 (with the suid bit set, of course), even if "SUIDBUF"
   and "two suidperl security patches" have been applied. Non-Intel or
   non-Linux platforms may be affected as well.

II. Impact

   On systems such as Caldera OpenLinux 1.1, an unprivileged user can
   gain root privileges.

   This problem was present on the following OpenLinux releases:

      CND 1.0
      Base 1.0
      Lite 1.1
      Base 1.1
      Standard 1.1

   To determine whether you are affected and need this update, run:

      rpm -q perl

   If the result shows perl-5.003-xxx, then you will need to update.

   CND 1.0 installations: Please note that the following operations
   require prior installation of the rpm update. See

      ftp://ftp.caldera.com/pub/cnd-1.0/updates/rpm-update.README

III. Solution

   As a temporary workaround, you can clear the suid bit:

      chmod u-s /usr/bin/sperl5.003

   A better solution is to install the new perl-5.004_03 package set,
   which does not contain this problem. The packages are located on
   Caldera's FTP server (ftp.caldera.com):

      ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS/

   and, for the source:

      ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS/

   Their MD5 checksums are:

      af0d326beb9c64c81d4c2381c2d16c02  perl-5.004_03-1.i386.rpm
      61a3e6b22dce7ba3ba4e1b32378aa7f7  perl-add-5.004_03-1.i386.rpm
      3d6825b76f0284e60ab789402ea0d693  perl-examples-5.004_03-1.i386.rpm
      cee97a2f330cc7761c72656d178f5a3f  perl-man-5.004_03-1.i386.rpm
      6811c88230288529725470ef5bf644e2  perl-pod-5.004_03-1.i386.rpm

   These instructions will only install new versions of packages that
   have been installed. If you are certain a package has not been
   installed, you can skip its line to save typing. If you are not
   certain, use all command lines.

      rpm -e perl-5.003 && rpm -i perl-5.004_03-1.i386.rpm
      rpm -e perl-eg-5.003 && rpm -i perl-examples-5.004_03-1.i386.rpm
      rpm -e perl-add-5.003 && rpm -U perl-add-5.004_03-1.i386.rpm
      rpm -e perl-man-5.003 && rpm -U perl-man-5.004_03-1.i386.rpm
      rpm -e perl-pod-5.003 && rpm -U perl-pod-5.004_03-1.i386.rpm

IV. References / Credits

   This advisory is based on the BUGTRAQ post with message ID posted by
   Pavel Kankovsky on 13-Nov-1997.

   This and other Caldera security resources are located at:

      http://www.caldera.com/tech-ref/security/

   This security alert closes Caldera's internal problem report #1098.

V. PGP Signature

   This message was signed with the PGP key for . This key can be
   obtained from:

      ftp://ftp.caldera.com/pub/pgp-keys/

   Or on an OpenLinux CDROM under:

      /OpenLinux/pgp-keys/

$Id: SA-1997.26,v 1.4 1997/11/18 23:53:17 ron Exp $
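
The checks from sections II and III collected into one script, as an added example that is not part of Caldera's advisory: it compares whichever update packages have been downloaded against the MD5 values listed in section III and applies the chmod workaround to a set-uid sperl binary. The function names and command-line usage are assumptions of this example, and md5sum is assumed to be installed.

```sh
#!/bin/sh
# Added example for SA-1997.26. File names and MD5 values are copied from
# section III of the advisory; the function names are this example's own.

ADVISORY_MD5='af0d326beb9c64c81d4c2381c2d16c02  perl-5.004_03-1.i386.rpm
61a3e6b22dce7ba3ba4e1b32378aa7f7  perl-add-5.004_03-1.i386.rpm
3d6825b76f0284e60ab789402ea0d693  perl-examples-5.004_03-1.i386.rpm
cee97a2f330cc7761c72656d178f5a3f  perl-man-5.004_03-1.i386.rpm
6811c88230288529725470ef5bf644e2  perl-pod-5.004_03-1.i386.rpm'

# verify_packages DIR [MANIFEST]
# Compare each listed file found in DIR with its expected MD5. Files that
# were not downloaded are skipped; any mismatch makes the function fail.
verify_packages() {
    dir=$1
    manifest=${2:-$ADVISORY_MD5}
    rc=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP $name"
            continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "BAD $name"
            rc=1
        fi
    done <<EOF
$manifest
EOF
    return "$rc"
}

# needs_workaround FILE: true while FILE exists and is still set-uid.
needs_workaround() { [ -f "$1" ] && [ -u "$1" ]; }

# apply_workaround FILE: the advisory's "chmod u-s", then re-check the bit.
apply_workaround() {
    needs_workaround "$1" || return 0
    chmod u-s "$1" && ! needs_workaround "$1"
}

# Usage: sh check.sh /path/to/downloaded/rpms
if [ "$#" -gt 0 ]; then
    verify_packages "$1"
fi
```

A matching MD5 shows the download is intact; it does not replace checking the advisory's own PGP signature.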