<<< Date Index >>>     <<< Thread Index >>>

OpenServer 5.0.5 : Insecure creation of files in /tmp



To: announce@xxxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx full-disclosure@xxxxxxx
etsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.5 : Insecure creation of files in /tmp
Advisory number:        CSSA-2003-SCO.27
Issue date:             2003 October 20
Cross reference:        sr865679 fz521201 erg712072 CAN-2003-0872
______________________________________________________________________________


1. Problem Description

        Several scripts use files /tmp in a insecure way. These
        filenames can be symlinked to by a malicious user, and cause
        various nefarious things to happen. 

        OpenServer 5.0.6 has previously fixed all these scripts,
        hence this issue does not affect OpenServer 5.0.6 or 5.0.7.     

        The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2003-0872 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.

2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                /etc/init.d/VDISK
                                        /etc/init.d/VDRESTORE
                                        /etc/tcp
                                        /usr/lib/mkdev/hostmib
                                        /etc/init.d/hostmib
                                        /etc/nfs
                                        /etc/nis
                                        /etc/rpcinit
                                        /usr/lib/cleantmp

3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.5

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27


        4.2 Verification

        MD5 (VOL.000.000) = 24ea1000e89272a3d2f12d9fd05de83f

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the VOL* files to the /tmp directory

        2) Run the custom command, specify an install from media
        images, and specify the /tmp directory as the location of
        the images.


5. References

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0872

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr865679 fz521201
        erg712072.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

7. Acknowledgments

        These vulnerabilities were discovered by Tomasz Kusmierz.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/lHnpaqoBO7ipriERAmjsAKCKdkBHb9SdVFuJILsGQR77ULb7cQCfR+Gm
I44TmGqRUrGA8q2pjJ/RVc0=
=S+GY
-----END PGP SIGNATURE-----