dcsimg
Linux Today: Linux News On Internet Time.





Caldera Security Advisory: imp uses /tmp unsafely

Jul 18, 2001, 00:15 (2 Talkback[s])
Date: Tue, 17 Jul 2001 11:53:49 -0600
From: Support Info <supinfo@caldera.com>
Subject: Security Update: [CSSA-2001--25.0] Linux - imp uses /tmp unsafely


____________________________________________________________________________
                   Caldera International, Inc.  Security Advisory

Subject:                Linux - imp uses /tmp unsafely
Advisory number:        CSSA-2001-025.0
Issue date:             2001, July 13
Cross reference:
____________________________________________________________________________


1. Problem Description

   Horde and Imp use /tmp in an unsafe manner, allowing local users to
   gain access to the webserver (httpd) account. They also do not protect
   internal data files from being viewed by local or remote attackers.
   The updates packages fix the /tmp problems, add restrictions on what
   files can be viewed and also disables it by default.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3                 not vulnerable                
   
   OpenLinux eServer 2.3.1       not vulnerable                
   and OpenLinux eBuilder                                      
   
   OpenLinux eDesktop 2.4        not vulnerable                
   
   OpenLinux Server 3.1          All packages previous to      
                                 horde-1.2.4-6
                                 imp-2.2.5-2
   
   OpenLinux Workstation 3.1     not vulnerable                
   


3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

    not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

    not vulnerable

6. OpenLinux eDesktop 2.4

    not vulnerable

7. OpenLinux 3.1 Server

    7.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

       The corresponding source code package can be found at:

       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

   7.2 Verification

       2e46c8273545a8e488859639fc9d8448  RPMS/horde-1.2.4-6.i386.rpm
       23feaaf51868f749b8675d819df09188  RPMS/imp-2.2.5-2.i386.rpm
       473ea64f3bbf6c57849465a3b610c083  SRPMS/horde-1.2.4-6.src.rpm
       0b05210f4307f2dd1b5cf0a8a0d34076  SRPMS/imp-2.2.5-2.src.rpm
       

   7.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fvh horde-*i386.rpm imp-*i386.rpm

8. OpenLinux 3.1 Workstation

    not vulnerable



9. References

   This and other Caldera security resources are located at:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 10116.

10. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera OpenLinux.

11. Acknowledgements

   Caldera International wishes to thank Jarno Huuskonen for discovering
   the /tmp file problems and the Horde and IMP teams for providing fixes.