Linux Today: Linux News On Internet Time.

More on LinuxToday

Caldera Advisory: Race Condition in fileutils

Apr 30, 2002, 13:26 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >


                Caldera International, Inc.  Security Advisory

Subject:                Linux: Race condition in fileutils
Advisory number:        CSSA-2002-018.0
Issue date:             2002 April 26
Cross reference:

1. Problem Description

        A race condition in various utilities from the GNU fileutils
        package may cause a root user to delete the whole filesystem.

2. Vulnerable Supported Versions

        System                          Package

        OpenLinux 3.1.1 Server          prior to fileutils-4.1-4.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to fileutils-4.1-4.i386.rpm

        OpenLinux 3.1 Server            prior to fileutils-4.1-4.i386.rpm

        OpenLinux 3.1 Workstation       prior to fileutils-4.1-4.i386.rpm

3. Solution

        The proper solution is to install the latest packages.

4. OpenLinux 3.1.1 Server

        4.1 Package Location

        4.2 Packages

        608a5485dd9a8799795254ba7d2089da        fileutils-4.1-4.i386.rpm

        4.3 Installation

        rpm -Fvh fileutils-4.1-4.i386.rpm

        4.4 Source Package Location

        4.5 Source Packages

        c44a43f1ce810a01978ce2e8efadadbf        fileutils-4.1-4.src.rpm

5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        5.2 Packages

        f10c905587b4221fc794cefaf262e9ee        fileutils-4.1-4.i386.rpm

        5.3 Installation

        rpm -Fvh fileutils-4.1-4.i386.rpm

        5.4 Source Package Location

        5.5 Source Packages

        7e5519acdca5c17d12b3598847ec1ded        fileutils-4.1-4.src.rpm

6. OpenLinux 3.1 Server

        6.1 Package Location

        6.2 Packages

        334154c1635b50ad81a2f1b841ccadd8        fileutils-4.1-4.i386.rpm

        6.3 Installation

        rpm -Fvh fileutils-4.1-4.i386.rpm

        6.4 Source Package Location

        6.5 Source Packages

        6a12bbcaefb252eac3fe4b79464881e4        fileutils-4.1-4.src.rpm

7. OpenLinux 3.1 Workstation

        7.1 Package Location

        7.2 Packages

        2db4e5565fc7d38ee5cdf3be57f86301        fileutils-4.1-4.i386.rpm

        7.3 Installation

        rpm -Fvh fileutils-4.1-4.i386.rpm

        7.4 Source Package Location

        7.5 Source Packages

        1b5ef3933f229b68cd8e24fb75c5a0de        fileutils-4.1-4.src.rpm

8. References

        Specific references for this advisory:

       Wojciech Purczynski (iSEC

        Caldera OpenLinux security resources:

        Caldera UNIX security resources:

        This security fix closes Caldera incidents sr862917, fz520627,

9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.

10. Acknowledgements

        Wojciech Purczynski (iSEC Security Research,
        reported this vulnerability.