Linux Today: Linux News On Internet Time.

Caldera Systems Security Advisory: serious bug in setuid()

Jun 09, 2000, 19:18

Date: Thu, 8 Jun 2000 11:40:55 -0600
From: Technical Support support@PHOENIX.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: serious bug in setuid()

                   Caldera Systems, Inc.  Security Advisory

Subject:                serious bug in setuid()
Advisory number:        CSSA-2000-014.0
Issue date:             2000 May, 31
Cross reference:

1. Problem Description

There is a serious vulnerability in the Linux kernel that allows local users to obtain root privilege by exploiting certain setuid root applications.

We urge our customers to upgrade to the fixed kernel as soon as possible because there's a high potential that exploits for this vulnerability will be available soon.
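The advisory does not describe the kernel defect itself, but the class it names, setuid() not doing what the calling program assumed, is why a program that drops root should verify the drop rather than trust the call. The C function below is an added example and is not part of the advisory or of Caldera's code; it shows the general check for any program that gives up root privileges, and the re-escalation probe at the end is an assumption about how a practitioner would confirm the drop was real.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for setgroups() in <grp.h> on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to (uid, gid) and confirm the kernel really did it.
 * Returns 0 only when every check passes, -1 otherwise. */
int drop_privileges_verified(uid_t uid, gid_t gid)
{
    /* Only a root process can shed supplementary groups; an unprivileged
     * caller would just get EPERM here, so skip it in that case. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: once the uid is non-root, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Do not trust the return values alone: re-read every id. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* If root can still be regained, the drop was cosmetic (for example only
     * the effective id changed, or the kernel did not do what was asked). */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Demonstration target: the caller's own ids, which any process may
     * switch to, so this runs unprivileged as well as from a setuid binary. */
    if (drop_privileges_verified(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return EXIT_FAILURE;
    }
    printf("running as uid %d, gid %d\n", (int)getuid(), (int)getgid());
    return EXIT_SUCCESS;
}
```

A program that reaches the point after this function returns 0 knows its real, effective and saved ids all match the target and that root cannot be regained with setuid(0).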

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        All packages previous to
                                linux-2.2.10-10

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       linux-2.2.14-2S

   OpenLinux eDesktop 2.4       All packages previous to
                                linux-2.2.14-5

3. Solution

Workaround:

none

The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification


4.3 Installing Fixed Packages

Upgrade the affected packages with the following command:

rpm -F linux-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification


5.3 Installing Fixed Packages

Upgrade the affected packages with the following command:

rpm -F linux-*.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification


6.3 Installing Fixed Packages

Upgrade the affected packages with the following command:

rpm -F linux-*.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 6799.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

Caldera Systems wishes to thank Wojciech Purczynski for discovering and reporting the bug, and Chris Evans, Ted Ts'o, and Andrew Morgan for their assistance.