From listmaster@locutus.calderasystems.com Sat Jun 12 13:53:47 1999 From: listmaster@locutus.calderasystems.com To: announce@lists.calderasystems.com Date: 9 Jun 1999 16:41:11 -0000 Reply-To: info@calderasystems.com Subject: Security Announcement -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: /sbin/rmt with suid allows superuser privileges Advisory number: CSSA-1999:014.0 Issue date: 1999 June 08 Cross reference: ______________________________________________________________________________ 1. Problem Description The rmt(8) program contained in dump-0.4b4 is used to grant users remote access to a tape drive. By default, this program is installed as setuid root. There are several security problems in rmt that allow a local user to obtain super user privilege via the rmt program. 2. Vulnerable Versions Systems: OpenLinux 1.3, 2.2 Packages: previous to dump-0.4b4-3 3. Solutions 1. Disable the setuid bit on /sbin/rmt 2. Upgrade to the latest dump-0.4b4-3 rpm -U dump-0.4b4-3.i386.rpm 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U dump-0.4b4-3.i386.rpm 6. Verification c287fb02a35d1fa51c2d901ba17dce33 RPMS/dump-0.4b4-3.i386.rpm caf2c6e878f4a463b9cd7662be0fbebe SRPMS/dump-0.4b4-3.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html This security fix closes Caldera's internal Problem Report 4602 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN12DUen+9R4958LpAQHTFgP+MCqISHnTIoZakovPfLdRVYm+y6ASA30M cfvscKDBoaYCoPOqSePcX6MH1YyH3dyQky0461zM9xf7T2OU8VH3oi1XEvLpANMg Og1dtyBY+9+qFipzuV4bw2wtz1rEc7WikJqNR6bazLJifUPrEi1cXShTWcKvLAjZ +cDbuW+U9TU= =6vV4 -----END PGP SIGNATURE----- -- Note: To learn how to use this list server, email a "help" command to majordomo@lists.calderasystems.com.