Date: Tue, 17 Jul 2001 11:53:49 -0600
From: Support Info <supinfo@caldera.com>
To: announce@lists.caldera.com, bugtraq@securityfocus.com,
Subject: Security Update: [CSSA-2001--25.0] Linux - imp uses /tmp unsafely
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___________________________________________________________________________=
___
Caldera International, Inc. Security Advisory
Subject: Linux - imp uses /tmp unsafely
Advisory number: CSSA-2001-025.0
Issue date: 2001, July 13
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
Horde and Imp use /tmp in an unsafe manner, allowing local users to
gain access to the webserver (httpd) account. They also do not protect
internal data files from being viewed by local or remote attackers.
The updates packages fix the /tmp problems, add restrictions on what
files can be viewed and also disables it by default.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 not vulnerable =20
=20
OpenLinux eServer 2.3.1 not vulnerable =20
and OpenLinux eBuilder =20
=20
OpenLinux eDesktop 2.4 not vulnerable =20
=20
OpenLinux Server 3.1 All packages previous to =20
horde-1.2.4-6
imp-2.2.5-2
=20
OpenLinux Workstation 3.1 not vulnerable =20
=20
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
not vulnerable
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
not vulnerable
6. OpenLinux eDesktop 2.4
not vulnerable
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
7.2 Verification
2e46c8273545a8e488859639fc9d8448 RPMS/horde-1.2.4-6.i386.rpm
23feaaf51868f749b8675d819df09188 RPMS/imp-2.2.5-2.i386.rpm
473ea64f3bbf6c57849465a3b610c083 SRPMS/horde-1.2.4-6.src.rpm
0b05210f4307f2dd1b5cf0a8a0d34076 SRPMS/imp-2.2.5-2.src.rpm
=20
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh horde-*i386.rpm imp-*i386.rpm
8. OpenLinux 3.1 Workstation
not vulnerable
9. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10116.
10. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
11. Acknowledgements
Caldera International wishes to thank Jarno Huuskonen for discovering
the /tmp file problems and the Horde and IMP teams for providing fixes.
___________________________________________________________________________=
___
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7TsR/18sy83A/qfwRAr25AJ9EE7WRPV/mzHRf100FHfvyZsEa+gCeILp2
QxDmdBq8vLE+kwdHs6guYAk=3D
=3DhJ2o
-----END PGP SIGNATURE-----
=00
