Operating System:

Published:

12 June 2000

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
              AUSCERT External Security Bulletin Redistribution
                             
  ESB-2000.133 -- Caldera Systems, Inc.  Security Advisory CSSA-2000-014.0
                           serious bug in setuid()
                                13 June 2000

===========================================================================

	AusCERT Security Bulletin Summary
	---------------------------------

Product:		Linux Kernel
Vendor:			Caldera
Operating System:	OpenLinux
			Linux
Platform:		N/A

Impact:			Root Compromise
Access Required:	Local

Ref:			ESB-2000.128

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                serious bug in setuid()
Advisory number:        CSSA-2000-014.0
Issue date:             2000 May, 31
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a serious vulnerability in the Linux kernel that
   allows local users to obtain root privilege by exploiting
   certain setuid root applications.

   We urge our customers to upgrade to the fixed kernel as soon as possible
   because there's a high potential that exploits for this vulnerability
   will be available soon.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                linux-2.2.10-10

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       linux-2.2.14-2S

   OpenLinux eDesktop 2.4       All packages previous to
                                linux-2.2.14-5

3. Solution

   Workaround:

   none

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

11c75292aeef0ef9dd154e384b1cc4a4  RPMS/linux-kernel-binary-2.2.10-10.i386.rpm
6c7c336938c94002dc2f35f8a1ec600a  RPMS/linux-kernel-doc-2.2.10-10.i386.rpm
241a61a040f1e697cf1cc556589a506f  RPMS/linux-kernel-include-2.2.10-10.i386.rpm
cb822c4e685f16ec69a6130b9a86f746  RPMS/linux-source-alpha-2.2.10-10.i386.rpm
dfc88466ceb9389d24e9103f8d5ac932  RPMS/linux-source-arm-2.2.10-10.i386.rpm
18e0de53049477108f951f8f4e558ec3  RPMS/linux-source-common-2.2.10-10.i386.rpm
3ce0b0cd68dd58f1318527ed3b1c1e97  RPMS/linux-source-i386-2.2.10-10.i386.rpm
81ff1f17a67cdc9a0089c277d37d7c32  RPMS/linux-source-m68k-2.2.10-10.i386.rpm
1b275795ea839cf58cfbefc3d5c1564a  RPMS/linux-source-mips-2.2.10-10.i386.rpm
e412d8d6f9a4d92accbce2a42252d4ca  RPMS/linux-source-ppc-2.2.10-10.i386.rpm
78b37e04fe849dfa3e1c70d20c3653d5  RPMS/linux-source-sparc-2.2.10-10.i386.rpm
9d2b1d8bb027df0e26f7636fb6c75d2f  RPMS/linux-source-sparc64-2.2.10-10.i386.rpm
2f80db2f15c0f234fd5c607f4508735c  SRPMS/linux-2.2.10-10.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -F linux-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

15864a1df8208e4e12c9b04430535aa2  RPMS/linux-kernel-binary-2.2.14-2S.i386.rpm
0a137c3cddba9317df35daab1cc84b10  RPMS/linux-kernel-doc-2.2.14-2S.i386.rpm
1f6f58b32781a46de24f61bf4940ee87  RPMS/linux-kernel-include-2.2.14-2S.i386.rpm
f0359257a1f43292b7d079959b61c61d  RPMS/linux-source-alpha-2.2.14-2S.i386.rpm
8b66707076b75fde643e25ddfd924ef9  RPMS/linux-source-arm-2.2.14-2S.i386.rpm
b2a6959a5a1df5273ad108b9653f842c  RPMS/linux-source-common-2.2.14-2S.i386.rpm
2e152bd8e631e6d0de4cbe6e6587e671  RPMS/linux-source-i386-2.2.14-2S.i386.rpm
9afae701d3156aedc49f3218a9419252  RPMS/linux-source-m68k-2.2.14-2S.i386.rpm
90fb4f3b4ab3a65cff029467b127fefe  RPMS/linux-source-mips-2.2.14-2S.i386.rpm
e92a234bad64213b3b8b55130825c27c  RPMS/linux-source-ppc-2.2.14-2S.i386.rpm
bfd6d389513ca9194ae40ab6bda9373e  RPMS/linux-source-sparc-2.2.14-2S.i386.rpm
bb9f75bf05927193e24b18ad51c9fb50  RPMS/linux-source-sparc64-2.2.14-2S.i386.rpm
d71523470a0ea289dbf5cec040ef142d  SRPMS/linux-2.2.14-2S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -F linux-*.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

7327746945691a5e6e89efc998e4d720  RPMS/linux-kernel-binary-2.2.14-5.i386.rpm
ccae8b5be63c0b4ca789453d11140dbb  RPMS/linux-kernel-doc-2.2.14-5.i386.rpm
717194590eacc4b7c3daa78277024809  RPMS/linux-kernel-include-2.2.14-5.i386.rpm
c49eb57da7c1af06914137d9c5d610b4  RPMS/linux-source-alpha-2.2.14-5.i386.rpm
61ca4687fc8a509e48b0515bbad38b0d  RPMS/linux-source-arm-2.2.14-5.i386.rpm
a87616d227f4bb6f88afcc6f57ad67d5  RPMS/linux-source-common-2.2.14-5.i386.rpm
f73d5129afbd59611a4a2e1283203cb8  RPMS/linux-source-i386-2.2.14-5.i386.rpm
e2a514b701f0ff2722e4999ff900a226  RPMS/linux-source-m68k-2.2.14-5.i386.rpm
fba03dd1630d50677e4a225e3a335bf0  RPMS/linux-source-mips-2.2.14-5.i386.rpm
340d604d26ff58c95ad90c356b5d444a  RPMS/linux-source-ppc-2.2.14-5.i386.rpm
1067a83a5d2c8f6d9eea206521622b36  RPMS/linux-source-sparc-2.2.14-5.i386.rpm
367e2d09e2ed382def3b6c2abc13c8d3  RPMS/linux-source-sparc64-2.2.14-5.i386.rpm
b648b9653e81ad8b0acef5df5cb6797e  SRPMS/linux-2.2.14-5.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -F linux-*.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 6799

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


9. Acknowledgements

   Caldera Systems wishes to thank Wojciech Purczynski for discovering
   and reporting the bug, and Chris Evans, Ted T'so, and Andrew Morgan
   for their assistance.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5NlL718sy83A/qfwRAr8tAJ9KH0gguf6GzKoDvx5laP6RFL+1KACeIrCG
0lExkCf13ipXbdZaZ+65zG8=
=Q1DG
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOXXTOyh9+71yA2DNAQHlQwP/esvC2rViWvhHkvh4+HzH0xeezMQB8jP2
hHdThITA3LjeO6dHqLSidksRhtmZpjPS+uxrO3D902grgLGgHX4L3dNhdvaektnO
pH4N+wqGGMPQmsE+o5qwGHP6FJClm/mGGSuVvpPWsdxSr/ZeeeEIb5kQM3LnWT5x
f4oVkoMVSw0=
=comN
-----END PGP SIGNATURE-----