From security@caldera.com Thu Aug 8 03:35:11 2002
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com
Date: Tue, 30 Jul 2002 18:20:54 -0700
Reply-To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm

______________________________________________________________________________

                   Caldera International, Inc.  Security Advisory

Subject:              Linux: temporary file races in libmm
Advisory number:      CSSA-2002-032.0
Issue date:           2002 July 30
Cross reference:
______________________________________________________________________________


1. Problem Description

   The OSSP mm library (libmm) allows a local Apache user to gain
   privileges via temporary files, possibly via a symbolic link.


2. Vulnerable Supported Versions

   System                       Package
   ----------------------------------------------------------------------
   OpenLinux 3.1.1 Server       prior to apache-1.3.22-6.2.i386.rpm
                                prior to apache-devel-1.3.22-6.2.i386.rpm
                                prior to apache-doc-1.3.22-6.2.i386.rpm
                                prior to mm-1.1.3-6.i386.rpm
                                prior to mm-devel-1.1.3-6.i386.rpm
                                prior to mm-devel-static-1.1.3-6.i386.rpm

   OpenLinux 3.1.1 Workstation  prior to apache-1.3.22-6.2.i386.rpm
                                prior to apache-devel-1.3.22-6.2.i386.rpm
                                prior to apache-doc-1.3.22-6.2.i386.rpm
                                prior to mm-1.1.3-6.i386.rpm
                                prior to mm-devel-1.1.3-6.i386.rpm
                                prior to mm-devel-static-1.1.3-6.i386.rpm

   OpenLinux 3.1 Server         prior to apache-1.3.22-6.2.i386.rpm
                                prior to apache-devel-1.3.22-6.2.i386.rpm
                                prior to apache-doc-1.3.22-6.2.i386.rpm
                                prior to mm-1.1.3-6.i386.rpm
                                prior to mm-devel-1.1.3-6.i386.rpm
                                prior to mm-devel-static-1.1.3-6.i386.rpm

   OpenLinux 3.1 Workstation    prior to apache-1.3.22-6.2.i386.rpm
                                prior to apache-devel-1.3.22-6.2.i386.rpm
                                prior to apache-doc-1.3.22-6.2.i386.rpm
                                prior to mm-1.1.3-6.i386.rpm
                                prior to mm-devel-1.1.3-6.i386.rpm
                                prior to mm-devel-static-1.1.3-6.i386.rpm


3. Solution

   The proper solution is to install the latest packages. Many
   customers find it easier to use the Caldera System Updater, called
   cupdate (or kcupdate under the KDE environment), to update these
   packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

   4.1 Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-032.0/RPMS

   4.2 Packages

   288b4b7f04fd6f86c57a37600445fad2  apache-1.3.22-6.2.i386.rpm
   0fb7cb950273fa4033c9b3e7ae0c866c  apache-devel-1.3.22-6.2.i386.rpm
   58b2239773abb64736cdae47e974f5bd  apache-doc-1.3.22-6.2.i386.rpm
   e90244e70b6637fd4a6e0b996790027e  mm-1.1.3-6.i386.rpm
   12beafe3a80add0b0d259f3862618888  mm-devel-1.1.3-6.i386.rpm
   bbe13db9994ae59d6a9e02e82d767bb9  mm-devel-static-1.1.3-6.i386.rpm

   4.3 Installation

   rpm -Fvh apache-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
   rpm -Fvh mm-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

   4.4 Source Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-032.0/SRPMS

   4.5 Source Packages

   3f1508fed9c5a7120e948d2f23fa5a07  apache-1.3.22-6.2.src.rpm
   9437d47263c28b7efc3fa32fd0b7e2bf  mm-1.1.3-6.src.rpm


5. OpenLinux 3.1.1 Workstation

   5.1 Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-032.0/RPMS

   5.2 Packages

   5d88563f7a3f648cd0ba177866b4c7f4  apache-1.3.22-6.2.i386.rpm
   a91ea79523076fa7f71f008242455c74  apache-devel-1.3.22-6.2.i386.rpm
   5ef1e68029253f18df3a86243f43b38e  apache-doc-1.3.22-6.2.i386.rpm
   a9380214993caaf1664390d6107a9d99  mm-1.1.3-6.i386.rpm
   9dce92bf81c56f29222e7f686f156463  mm-devel-1.1.3-6.i386.rpm
   4f36db29f5eb08fec4a9ee5074e6731a  mm-devel-static-1.1.3-6.i386.rpm

   5.3 Installation

   rpm -Fvh apache-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
   rpm -Fvh mm-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

   5.4 Source Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-032.0/SRPMS

   5.5 Source Packages

   b9ccef42f9e9878381532b4959f52f2a  apache-1.3.22-6.2.src.rpm
   bd8d1a94fa5ca11a87a64580d9e82bcc  mm-1.1.3-6.src.rpm


6. OpenLinux 3.1 Server

   6.1 Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-032.0/RPMS

   6.2 Packages

   a93ed3ebd0aa817d400160468c3fe3a1  apache-1.3.22-6.2.i386.rpm
   58d3e98367b84159223bac4b69b1bdd6  apache-devel-1.3.22-6.2.i386.rpm
   ec2c93fa309fe29a90f593da3db71af8  apache-doc-1.3.22-6.2.i386.rpm
   3391fb0b8505b0ec0c3c8f3370508fc9  mm-1.1.3-6.i386.rpm
   c72a0338d81452ab4932b6c1de82f0cc  mm-devel-1.1.3-6.i386.rpm
   4471799937497c53c5d4ccde411a64fe  mm-devel-static-1.1.3-6.i386.rpm

   6.3 Installation

   rpm -Fvh apache-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
   rpm -Fvh mm-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

   6.4 Source Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-032.0/SRPMS

   6.5 Source Packages

   4895bc8f8bf5567a467332a7ff129492  apache-1.3.22-6.2.src.rpm
   4a0cd7bdf6a7d6ebe769a96e0e25a83c  mm-1.1.3-6.src.rpm


7. OpenLinux 3.1 Workstation

   7.1 Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-032.0/RPMS

   7.2 Packages

   ab902357aade4b77427442c6cef70510  apache-1.3.22-6.2.i386.rpm
   8bf8a482b851db023e8a8942e25321e7  apache-devel-1.3.22-6.2.i386.rpm
   114f59b93d19be1cdb95087f8a17d9ce  apache-doc-1.3.22-6.2.i386.rpm
   c060a276958dd1b376b93512d0522fdf  mm-1.1.3-6.i386.rpm
   7e878f082b49816f76c1e7949128c85b  mm-devel-1.1.3-6.i386.rpm
   665f6d290d6df6594077df97df4d892f  mm-devel-static-1.1.3-6.i386.rpm

   7.3 Installation

   rpm -Fvh apache-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-devel-1.3.22-6.2.i386.rpm
   rpm -Fvh apache-doc-1.3.22-6.2.i386.rpm
   rpm -Fvh mm-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-1.1.3-6.i386.rpm
   rpm -Fvh mm-devel-static-1.1.3-6.i386.rpm

   7.4 Source Package Location

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-032.0/SRPMS

   7.5 Source Packages

   b0ae3b8ddbd4d09f7fb312cf14a1db8c  apache-1.3.22-6.2.src.rpm
   94367d892d24215d3e1b6581c1b4e8d3  mm-1.1.3-6.src.rpm


8. References

   Specific references for this advisory:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
   http://www.ossp.org/pkg/lib/mm/

   Caldera security resources:

   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera incidents sr867252, fz525663,
   erg501638.


9. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of any
   of the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera products.


10. Acknowledgements

   Sebastian Krahmer and Marcus Meissner discovered and researched this
   vulnerability.

______________________________________________________________________________
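The download, checksum and rpm -Fvh procedure of sections 3 through 7, as an added example that is not part of the advisory or of Caldera's tooling: a POSIX sh script that refuses to freshen the packages unless every downloaded RPM matches the MD5 sum published for it (the 4.2 list for OpenLinux 3.1.1 Server is embedded; other platforms substitute their own section's list). It assumes GNU md5sum or BSD md5 and the rpm command on the target host; the script name verify-update.sh is a placeholder.

```shell
#!/bin/sh
# Added example, not Caldera's tooling: verify downloaded update RPMs against
# the MD5 sums in section 4.2 of CSSA-2002-032.0 (OpenLinux 3.1.1 Server)
# before rpm -Fvh, so a corrupted or substituted file is refused.  For another
# platform, paste that platform's "Packages" list from the advisory instead.
EXPECTED_MD5='
288b4b7f04fd6f86c57a37600445fad2 apache-1.3.22-6.2.i386.rpm
0fb7cb950273fa4033c9b3e7ae0c866c apache-devel-1.3.22-6.2.i386.rpm
58b2239773abb64736cdae47e974f5bd apache-doc-1.3.22-6.2.i386.rpm
e90244e70b6637fd4a6e0b996790027e mm-1.1.3-6.i386.rpm
12beafe3a80add0b0d259f3862618888 mm-devel-1.1.3-6.i386.rpm
bbe13db9994ae59d6a9e02e82d767bb9 mm-devel-static-1.1.3-6.i386.rpm
'

# md5_of FILE: print the hex MD5 digest of FILE (GNU md5sum, else BSD md5).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then md5sum "$1" | cut -d' ' -f1
    else md5 -q "$1"; fi
}

# verify_one EXPECTED FILE: succeed only if FILE exists and its digest matches.
verify_one() {
    [ -f "$2" ] && [ "$(md5_of "$2")" = "$1" ]
}

# verify_all: check every entry of EXPECTED_MD5 in the current directory,
# report each one, and fail if any file is missing or mismatched.
verify_all() {
    failed=0
    while read -r sum file; do
        [ -z "$file" ] && continue
        if verify_one "$sum" "$file"; then
            echo "OK   $file"
        else
            echo "BAD  $file (missing or MD5 mismatch)"
            failed=1
        fi
    done <<EOF
$EXPECTED_MD5
EOF
    return $failed
}

# Run as "sh verify-update.sh apply" in the download directory: freshen the
# listed packages only after every checksum verified.
if [ "${1:-}" = "apply" ]; then
    verify_all && rpm -Fvh $(printf '%s\n' "$EXPECTED_MD5" | awk 'NF == 2 { print $2 }')
fi
```

Without the "apply" argument the script only defines the functions, so it can be sourced and verify_all run by hand first.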