dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Systems Security Advisory: sperl vulnerability

Aug 09, 2000, 23:41 (0 Talkback[s])

Date: Wed, 9 Aug 2000 08:56:47 -0600
From: Technical Support support@PHOENIX.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: sperl vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                   Caldera Systems, Inc.  Security Advisory

Subject:                sperl vulnerability
Advisory number:        CSSA-2000-026.0
Issue date:             2000 August, 7
Cross reference:

1. Problem Description

sperl is a setuid copy of the perl interpreter that can be used to execute perl scripts with the privilege of the file's owner. In order to be able to do so, sperl must be setuid root.

When sperl detects that an attacker is trying to spoof it, it sends a mail message to the super user account using /bin/mail. By exploiting a flaw in the way sperl interacts with /bin/mail, any local user is able to obtain root privilege on the local machine.

An exploit for this vulnerability has been published widely.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        not vulnerable

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       perl-5.005_03-6S

   OpenLinux eDesktop 2.4       All packages previous to
                                perl-5.005_03-6
3. Solution

Workaround:

none

We recommend our users to upgrade to the new packages.

4. OpenLinux Desktop 2.3

not vulnerable

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

55bf850e54e8ddd91a00f67b528d831d perl-5.005_03-6S.i386.rpm
bf1f56c565c512a8dbf970d04304d22c perl-5.005_03-6S.src.rpm
76f2238063b94983591ae10ad3715eb3 perl-add-5.005_03-6S.i386.rpm
94bc4d6e0963391c4d100e8d2a2c73d1 perl-examples-5.005_03-6S.i386.rpm
eca239c5b0c9cb7cc98d4254304a6e3d perl-man-5.005_03-6S.i386.rpm
18c76ed983ff45fd8dc5442cee2e6f4e perl-pod-5.005_03-6S.i386.rpm
5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv perl-*.i386.rpm

Please ignore the "directory not empty" messages

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

7542698bece734cccc30c8ef83c5af87 perl-5.005_03-6.i386.rpm
0b6e1a7e1615a5400e07c10cfd924203 perl-5.005_03-6.src.rpm
42356e924d6e6a1d5507c0951b5b5c78 perl-add-5.005_03-6.i386.rpm
49ab8a7f2e3a9f96f51ade1510405331 perl-examples-5.005_03-6.i386.rpm
2ec837db5f8bf0af5610748e2a7793a2 perl-man-5.005_03-6.i386.rpm
64cc98b972e8f9297933ac74fd547386 perl-pod-5.005_03-6.i386.rpm
6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv perl-*.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 7347.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see 
http://www.gnupg.org iD8DBQE5jtvO18sy83A/qfwRAjtyAJ99lp4/lcXN6kS6U4he6cY8Gl0dlACdGiDA SLbjCa/O3Icn0127HXoaqEg= =KR/d -----END PGP SIGNATURE-----