From thomas@suse.de Wed Oct 31 12:19:11 2001 From: Thomas Biege To: bugtraq@securityfocus.com Date: Wed, 31 Oct 2001 17:47:27 +0100 (CET) Subject: SuSE Security Announcement: uucp (SuSE-SA:2001:38) -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: uucp Announcement-ID: SuSE-SA:2001:38 Date: Wednesday, October 31th, 2001 15.06 MEST Affected SuSE versions: 6.3, 6.4, 7.0, 7.1, 7.2, 7.3 Vulnerability Type: local privilege escalations (probably root) Severity (1-10): 5 SuSE default package: no Other affected systems: all liunx-like systems using this version of uucp Content of this advisory: 1) security vulnerability resolved: uucp problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp. As a temporary fix, you could either uninstall uucp from your system, if not needed: - rpm -e uucp or remove the set[ug]id bit - chmod ug-s /usr/bin/uux Please, don't forget to add the permissions settings accordingly to your /etc/permissions.local file. Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/uucp-1.06.1-333.i386.rpm aec2eff9ec839494416563a39e72e57d SuSE-7.2 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/uucp-1.06.1-334.i386.rpm 7a217616d5fb2a5b97378d1ae11157db SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/uucp-1.06.1-334.i386.rpm bcb88eac8dfa4116c7f70b9d1ac1b483 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/uucp-1.06.1-333.i386.rpm d9863b92f8d4e8edf7815b7b6b4bcca1 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/uucp-1.06.1-333.i386.rpm 8a484013119b91cd51f20de850ca9104 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/uucp-1.06.1-333.i386.rpm 2c4f73d6edf52d55ef279ed9e1b1456f Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n2/uucp-1.06.1-228.sparc.rpm 4ac19a1bbbdc07719ed91f6ae13d95b3 SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/uucp-1.06.1-228.sparc.rpm 112361714c8515a9a5e6142e7ade70c8 AXP Alpha Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/uucp-1.06.1-227.alpha.rpm 1dca3f2767ba8be87b03932258ee6c2c SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/uucp-1.06.1-227.alpha.rpm d54fa66ef530df2ac25fa133a5d8d67b SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/uucp-1.06.1-227.alpha.rpm d13335ad5561f59b2ad53424a977184c SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/uucp-1.06.1-227.alpha.rpm 456e11eb134f30b6056014d76351c31c PPC Power PC Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/uucp-1.06.1-225.ppc.rpm d586b5fc6551da4ddebf646e686d957c SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/uucp-1.06.1-225.ppc.rpm 2eda36d95758053066f552cd6284c53a SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/uucp-1.06.1-225.ppc.rpm 1157d1b6ebfcc36d425957a27bfa7c85 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - openssh After stabilizing the openssh package, updates for the distributions 6.4-7.2 are currently being prepared. The update packages fix a security problem related to the recently discovered problems with source ip based access restrictions in a user's ~/.ssh/authorized_keys2 file. The packages will appear shortly on our ftp servers. Please note that packages for the distributions 6.3 and up including 7.0 containing cryptographic software are located on the German ftp server ftp.suse.de, all other packages can be found on ftp.suse.com at the usual location. We will issue a dedicated Security announcement for the openssh package. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . suse-security-announce@suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. =============================================== SuSE's security contact is . =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBO+ASz3ey5gA9JdPZAQGtCgf9FtRZ3n+VH3ZtfoI8lu6k7qkedqqa0Igb Utkko7jBCuD5GTvFpUtH3n2mm8kH++Z2DiSSgacj0OQJXl+pcdUtpSHnEYrtYiIy RZXIE92uMVf6HIYXCdOsAyhsEytB1P23dyW1fK1wBPF3AJXc/l5++gG/rwAB+W3r VY/JM2FVzTpAb3FsCUv3bwPy4/LMaJefqTErPkF7/MxclBX7AMnvbqxqqN8/1l1M JRUcONwRnM3rYRvqby9/bYTrKCvpX/wNE6Gl/SXqkYGMAs1qTMJK069Oozk7Rr3d GiVs/dTlhCFsSdlSB2XOsUFj8GwgCm4qWLRINOUdFCX2eyL8DrgUEw== =bY/S -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84