Date: Tue, 29 Oct 2002 17:25:32 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability
--6sX45UoQRIJXqkqR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@li=
nuxsecurity.com full-disclosure@lists.netsys.com
___________________________________________________________________________=
___
SCO Security Advisory
Subject: Linux: chfn (util-linux) temp file race vulnerability=20
Advisory number: CSSA-2002-043.0
Issue date: 2002 October 29
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
The util-linux package vulnerable to privilege escalation when the
"ptmptmp" file is not removed properly when using "chfn" utility.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1.1 Workstation prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1 Server prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1 Workstation prior to util-linux-2.11l-5.1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/RPMS
4.2 Packages
98e88787d222b51faabb2e070938f042 util-linux-2.11l-5.1.i386.rpm
4.3 Installation
rpm -Fvh util-linux-2.11l-5.1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/SRPMS
4.5 Source Packages
ad191ca704a7ce42122be237bd130130 util-linux-2.11l-5.1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/=
RPMS
5.2 Packages
41a6998cc6a49350c92e6b39c7fd313b util-linux-2.11l-5.1.i386.rpm
5.3 Installation
rpm -Fvh util-linux-2.11l-5.1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/=
SRPMS
5.5 Source Packages
a94ff2530db09700bcc8ccb245f4c084 util-linux-2.11l-5.1.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/RPMS
6.2 Packages
bea4d3169f518c9ce5453befdc6c2372 util-linux-2.11l-5.1.i386.rpm
6.3 Installation
rpm -Fvh util-linux-2.11l-5.1.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/SRPMS
6.5 Source Packages
8eda88f37ed5d3ed98a0e6a2e260fe25 util-linux-2.11l-5.1.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/RP=
MS
7.2 Packages
4bdca72dec95ca197a2e623aa940b14e util-linux-2.11l-5.1.i386.rpm
7.3 Installation
rpm -Fvh util-linux-2.11l-5.1.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/SR=
PMS
7.5 Source Packages
4bef4047eed39cd905dc20efb8a1a9d7 util-linux-2.11l-5.1.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0638http://www.kb.cert.org/vuls/id/405955http://razor.bindview.com/publish/advisories/adv_chfn.html
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr866639, fz521517,
erg501629.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
The BindView RAZOR Team discovered and researched this
vulnerability.
___________________________________________________________________________=
___
--6sX45UoQRIJXqkqR
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj2/NQwACgkQbluZssSXDTEg7QCghnMdv/biK8Sho82aDUC/IPv3
cEgAnR8Xk6dkjJgTZfGbpIY3fSvpVPYp
=gGOB
-----END PGP SIGNATURE-----
--6sX45UoQRIJXqkqR--
