Red Hat Linux Errata Advisory

Synopsis: The uuxqt utility can be used to execute arbitrary commands as uucp.uucp

Advisory ID: RHSA-2001:165-15

Issue Date: 2001-12-06

Updated On: 2002-03-12

Product: Red Hat Linux

Keywords: uucp exploit uuxqt

Cross References:

Obsoletes:

1. Topic:

This is a re-release of a prior uucp exploit errata. The updated packages
additionally prevent unique substrings (abbreviated forms) of long options
from being used where the full long option would be rejected.

uuxqt, in the Taylor UUCP package, does not properly remove dangerous long
options. These long options allow local users to gain uid and gid uucp
privileges by calling uux and specifying an alternate configuration file
with the --config option.
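The advisory's point is that filtering dangerous long options by exact string is not enough, because abbreviated unique-substring forms and "--option=value" forms of the same option also have to be rejected. The following shell functions are an added illustration of a prefix-aware filter and are not Taylor UUCP code; the list of dangerous options is an assumption for the example (the advisory itself names only --config), and the real package's option handling may differ.

```shell
#!/bin/sh
# Added example (not Taylor UUCP code): comparing an exact-match blacklist of
# long options with a prefix-aware one. Long-option parsers commonly accept
# any unambiguous abbreviation, so a filter that only rejects the literal
# "--config" still lets "--conf" or "--config=FILE" through.
# Assumption: this option list is illustrative; the advisory names only --config.
DANGEROUS_LONG_OPTS="--config"

# naive_is_blocked ARG -> 0 if ARG is exactly one of the blacklisted options.
# This is the insufficient check: abbreviations and "=value" forms pass.
naive_is_blocked() {
    for opt in $DANGEROUS_LONG_OPTS; do
        [ "$1" = "$opt" ] && return 0
    done
    return 1
}

# safe_is_blocked ARG -> 0 if the option name in ARG (the text before any "=")
# is "--" followed by a prefix of a dangerous long option. This rejects
# --config, --conf, --c and --config=FILE alike; "--" alone and short
# options are not long options and are left to the caller.
safe_is_blocked() {
    name=${1%%=*}
    case $name in
        --?*) ;;          # a long option: at least one character after "--"
        *) return 1 ;;
    esac
    for opt in $DANGEROUS_LONG_OPTS; do
        case $opt in
            "$name"*) return 0 ;;   # NAME is a prefix of a dangerous option
        esac
    done
    return 1
}

# filter_args ARGS... -> prints the arguments that survive safe_is_blocked,
# one per line, and returns 1 if anything was dropped (0 otherwise), so a
# caller can refuse the whole request instead of silently trimming it.
filter_args() {
    dropped=0
    for a in "$@"; do
        if safe_is_blocked "$a"; then
            dropped=1
        else
            printf '%s\n' "$a"
        fi
    done
    return $dropped
}
```

Rejecting any prefix of a dangerous option, rather than only unambiguous prefixes, is deliberately conservative: the filter does not need to know the parser's full option table to be safe, it only needs to know which options must never reach it.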

2. Problem description:

Please note, Red Hat Linux 7.2 is vulnerable to this bug.

Additionally, Red Hat Linux 7.2 uses a different locking scheme than
prior versions and the 7.2 packages should not be applied to Red Hat
Linux 7.0 or 7.1 systems. Use the relevant packages from this errata
instead.

Conversely, the 7.1 packages from this errata should not be applied to
a Red Hat Linux 7.2 system.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2001-0873 to this issue.

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64, s390

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/uucp-1.06.1-33.6.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/uucp-1.06.1-33.6.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/uucp-1.06.1-33.6.2.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/uucp-1.06.1-33.6.2.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/uucp-1.06.1-33.7.1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/uucp-1.06.1-33.7.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/uucp-1.06.1-33.7.1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/uucp-1.06.1-33.7.1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/uucp-1.06.1-33.7.1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/uucp-1.06.1-33.7.2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/uucp-1.06.1-33.7.2.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/uucp-1.06.1-33.7.2.ia64.rpm

s390:
ftp://updates.redhat.com/7.2/en/os/s390/uucp-1.06.1-33.7.2.s390.rpm

6. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

7. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------
5616d9044da2635af9601750d2a2f315 6.2/en/os/SRPMS/uucp-1.06.1-33.6.2.src.rpm
024bbec5d7fcaedc692320626e16ae18 6.2/en/os/alpha/uucp-1.06.1-33.6.2.alpha.rpm
6b2ca4965e4c4d10971534c10d578c3a 6.2/en/os/i386/uucp-1.06.1-33.6.2.i386.rpm
8ff8deb7002311232e4194988ed5ea43 6.2/en/os/sparc/uucp-1.06.1-33.6.2.sparc.rpm
f0d7a8cb43a9556cace1696065477d9b 7.0/en/os/SRPMS/uucp-1.06.1-33.7.1.src.rpm
16bf2ac3eab8ca9dbc2ecd56c80c615e 7.0/en/os/alpha/uucp-1.06.1-33.7.1.alpha.rpm
771ac34942694b1875d28d860e7847a1 7.0/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm
f0d7a8cb43a9556cace1696065477d9b 7.1/en/os/SRPMS/uucp-1.06.1-33.7.1.src.rpm
16bf2ac3eab8ca9dbc2ecd56c80c615e 7.1/en/os/alpha/uucp-1.06.1-33.7.1.alpha.rpm
771ac34942694b1875d28d860e7847a1 7.1/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm
1b1afeb93da48e815ba0a3c7c3a1dd3f 7.1/en/os/ia64/uucp-1.06.1-33.7.1.ia64.rpm
e8d64d249b2762322c4b1a2919063acc 7.2/en/os/SRPMS/uucp-1.06.1-33.7.2.src.rpm
624e3e88f520b3cf046985fd597c3834 7.2/en/os/i386/uucp-1.06.1-33.7.2.i386.rpm
5bda3bdbef085f3323dc7a91d3850f20 7.2/en/os/ia64/uucp-1.06.1-33.7.2.ia64.rpm
a911e543662e2e681855550245fa8234 7.2/en/os/s390/uucp-1.06.1-33.7.2.s390.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/about/contact.html

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.
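The MD5 table above is meant to be compared against the files actually downloaded before they are handed to rpm. The script below is an added example of doing that comparison, not part of the advisory; it assumes GNU md5sum is on the PATH, embeds only the i386 rows copied from section 7, and runs rpm --checksig only when an rpm binary is present.

```shell
#!/bin/sh
# Added example (not part of the advisory): verify downloaded update RPMs
# against the advisory's MD5 table, then let rpm check the GPG signature.
# Assumptions: GNU md5sum is on PATH; the table below holds the i386 rows
# copied from section 7 of RHSA-2001:165-15 ("MD5 relative-path" per line).
RHSA_2001_165_MD5_TABLE='
6b2ca4965e4c4d10971534c10d578c3a 6.2/en/os/i386/uucp-1.06.1-33.6.2.i386.rpm
771ac34942694b1875d28d860e7847a1 7.0/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm
771ac34942694b1875d28d860e7847a1 7.1/en/os/i386/uucp-1.06.1-33.7.1.i386.rpm
624e3e88f520b3cf046985fd597c3834 7.2/en/os/i386/uucp-1.06.1-33.7.2.i386.rpm
'

# md5_of FILE -> prints the hex MD5 of FILE.
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# expected_md5 TABLE BASENAME -> prints the MD5 the table lists for a package
# whose path ends in BASENAME, or nothing if the package is not listed.
expected_md5() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NF == 2 {
            n = split($2, parts, "/")
            if (parts[n] == want) { print $1; exit }
        }'
}

# verify_rpm TABLE FILE -> 0 if FILE's MD5 matches the table entry for its
# basename, 1 on a mismatch, 2 if the file is not listed in the table.
verify_rpm() {
    table=$1
    file=$2
    want=$(expected_md5 "$table" "$(basename "$file")")
    [ -n "$want" ] || return 2
    have=$(md5_of "$file")
    [ "$have" = "$want" ]
}

# verify_dir TABLE DIR -> checks every *.rpm in DIR; prints one status line
# per file and returns 1 if any file failed or was unlisted. Files that pass
# the MD5 check are also handed to "rpm --checksig" when rpm is available.
verify_dir() {
    table=$1
    dir=$2
    bad=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        if verify_rpm "$table" "$f"; then
            printf 'OK       %s\n' "$f"
            if command -v rpm >/dev/null 2>&1; then
                rpm --checksig "$f" || bad=1
            fi
        else
            case $? in
                2) printf 'UNLISTED %s\n' "$f" ;;
                *) printf 'MISMATCH %s\n' "$f" ;;
            esac
            bad=1
        fi
    done
    return $bad
}
```

Usage: after downloading the packages for your release into a directory, run `verify_dir "$RHSA_2001_165_MD5_TABLE" /path/to/downloads` and install only if it returns 0. Matching on the basename rather than the full path lets the check work regardless of where the files were saved, while the MD5 comparison still ties each file to the exact row in the advisory.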

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
http://www.securityfocus.com/bid/3312

Copyright© 2000 Red Hat, Inc.
