From sup-info@LOCUTUS4.CALDERASYSTEMS.COM Wed Dec 6 13:39:55 2000 From: Caldera Support Info To: BUGTRAQ@SECURITYFOCUS.COM Date: Tue, 5 Dec 2000 10:47:14 -0700 Subject: [BUGTRAQ] Security Update: CSSA-2000-043.0 unsecure temp files in tcsh -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: unsecure temp files in tcsh Advisory number: CSSA-2000-043.0 Issue date: 2000 December, 1 Cross reference: ______________________________________________________________________________ 1. Problem Description When evaluating a so-called "here script", tcsh writes the contents of that script to a temporary file, which is created insecurely. Symlink attacks can be used to make tcsh overwrite arbitrary files owned by the invoking user. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 All packages previous to tcsh-6.10.00-2 OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder tcsh-6.10.00-2 OpenLinux eDesktop 2.4 All packages previous to tcsh-6.10.00-2 3. Solution Workaround: none The proper solution is to upgrade to the fixed packages 4. OpenLinux Desktop 2.3 4.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS 4.2 Verification 9b89b9670997f3352f2e4c8a436db7ff RPMS/tcsh-6.10.00-2.i386.rpm b917e204011a7df41b0bcdfb3d3669eb RPMS/tcsh-doc-html-6.10.00-2.i386.rpm a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm 4.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -q tcsh-doc-html && rpm -e tcsh-doc-html rpm -Uhv tcsh-*.i386.rpm 5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification 93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm 44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -q tcsh-doc-html && rpm -e tcsh-doc-html rpm -Uhv tcsh-*.i386.rpm 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm 44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -q tcsh-doc-html && rpm -e tcsh-doc-html rpm -Uhv tcsh-*.i386.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 8134. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6K6oh18sy83A/qfwRAsa+AKCyWTacAC7btAAo5dRcp5khv37k9QCgw67k WZrAChXCsMxQHrwc83wxkNo= =tE1u -----END PGP SIGNATURE-----