Message-ID: <20000608114055.A9960@phoenix.calderasystems.com>
Date: Thu, 8 Jun 2000 11:40:55 -0600
From: Technical Support (Caldera Systems)
Subject: Security Update: serious bug in setuid()
To: BUGTRAQ@SECURITYFOCUS.COM
X-To: announce@lists.calderasystems.com, linux-security@redhat.com

______________________________________________________________________________

                  Caldera Systems, Inc. Security Advisory

Subject:                serious bug in setuid()
Advisory number:        CSSA-2000-014.0
Issue date:             2000 May, 31
Cross reference:
______________________________________________________________________________

1. Problem Description

   There is a serious vulnerability in the Linux kernel that allows local
   users to obtain root privilege by exploiting certain setuid root
   applications.

   We urge our customers to upgrade to the fixed kernel as soon as
   possible because there's a high potential that exploits for this
   vulnerability will be available soon.

2. Vulnerable Versions

   System                          Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3           All packages previous to
                                   linux-2.2.10-10

   OpenLinux eServer 2.3           All packages previous to
   and OpenLinux eBuilder          linux-2.2.14-2S

   OpenLinux eDesktop 2.4          All packages previous to
                                   linux-2.2.14-5

3. Solution

   Workaround: none

   The proper solution is to upgrade to the fixed packages.
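The advisory names setuid() without spelling out the failure mode. In the kernel bug it patches (reported by Wojciech Purczynski and fixed upstream in Linux 2.2.16), setuid() could fail and return -1 without dropping privileges, and setuid-root programs that ignored that return value kept running as root. The defensive counterpart, as an added example that is not code from the advisory or from Caldera: a privilege-drop routine that checks every return value and then re-verifies the process ids, so an unexpected setuid() failure aborts the program instead of leaving it root.

```c
/* Added example, not code from the Caldera advisory: a privilege-drop routine
 * for setuid-root programs that treats setuid()/setgid() as calls that can
 * fail, and refuses to continue unless the kernel really switched identities. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Returns 0 on verified success, -1 otherwise;
 * the caller must treat -1 as fatal rather than carry on with root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root can clear supplementary groups; as root it must be done. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return -1;
    }
    /* Group before user: once the uid is gone, setgid() can no longer succeed. */
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%ld): %s\n", (long)gid, strerror(errno));
        return -1;
    }
    /* This is the call whose failure went unnoticed in programs that
     * discarded its return value on the affected kernels. */
    if (setuid(uid) != 0) {
        fprintf(stderr, "setuid(%ld): %s\n", (long)uid, strerror(errno));
        return -1;
    }
    /* Do not trust the return value alone: confirm the ids actually changed. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
        fprintf(stderr, "privilege drop not reflected in process ids\n");
        return -1;
    }
    /* A permanent drop to a non-root uid must make root unrecoverable. */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "root could be regained after the drop\n");
        return -1;
    }
    return 0;
}
```

Run unprivileged, dropping to the caller's own ids succeeds and any other uid is refused with EPERM; run as root, the routine verifies that the target ids took effect and that setuid(0) no longer works.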
4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

   The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

   4.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -F linux-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

   The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -F linux-*.i386.rpm
6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

   The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

   6.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -F linux-*.i386.rpm

7. References

   This and other Caldera security resources are located at:
   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 6799.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements

   Caldera Systems wishes to thank Wojciech Purczynski for discovering and
   reporting the bug, and Chris Evans, Ted T'so, and Andrew Morgan for
   their assistance.

______________________________________________________________________________