SA-1997.22.txt
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.22: Vulnerability in mgetty
Caldera Security Advisory SA-1997.22
RPM build date: 26-Jul-1997
Advisory issue date: 29-Sep-1997
Topic: Vulnerability in mgetty package

I. Problem Description
A security hole was found in the auxiliary fax scripts "faxq" and
"faxrunq" in the mgetty+sendfax package. It has been in there since
the first day those scripts were written. Due to improper quoting in
these shell scripts, it's possible to execute code with a foreign user
id, and get root access to the machine.
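
The advisory does not reproduce the faulty lines, so the following is an added example (not code from mgetty or from Caldera) of the general class of quoting bug described above, shown beside a hardened form. The job-file layout, the functions make_job, field, send_unsafe and send_safe, and all values are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of the bug class only; this is NOT the faxq/faxrunq code.
# The job-file layout, function names and values below are constructed.

# Write a job file as another local user could have: the "phone" field
# carries shell syntax after the number.
make_job() {
    printf 'user alice\nphone 5551234; echo INJECTED\n' > "$1"
}

# Read one named field from the job file as plain text.
# $1 is a fixed field name chosen by the script, $2 is the job file.
field() {
    sed -n "s/^$1 //p" "$2" | head -n 1
}

# Vulnerable pattern: the field is pasted into a command string that the
# shell parses a second time, so ';' in the data ends the intended command
# and whatever follows runs with the privileges of the queue runner.
send_unsafe() {
    phone=$(field phone "$1")
    eval "echo sending to $phone"
}

# Hardened pattern: check the value against the expected alphabet, then
# only ever expand it inside double quotes; it is never re-parsed as code.
send_safe() {
    phone=$(field phone "$1")
    case $phone in
        ''|*[!0-9+,-]*)
            echo "rejected job: bad phone field" >&2
            return 1 ;;
    esac
    echo "sending to $phone"
}
```
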

II. Impact
Normal users have the ability to gain root access on a local host.
The mgetty package distributed with the following OpenLinux
releases is vulnerable:

    Lite 1.1
    Base 1.1
    Standard 1.1

This new mgetty has been found to function properly on all of
the distributions shown above.

III. Solution
Install the new mgetty-1.1.1_Jan28-2 package, as described below.
Both binary and source packages are located on Caldera's FTP server
(ftp.caldera.com):
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/
The md5sums for these packages are:

    34be17c12fca2ffc7ba4f4808627c4cd  SRPMS/mgetty-1.1.1_Jan28-2.src.rpm
    38f991c8432a0e1cb376cdd87656e73d  RPMS/mgetty-1.1.1_Jan28-2.i386.rpm

To install the update use the following command:

    rpm -U RPMS/mgetty-1.1.1_Jan28-2.i386.rpm

IV. References / Credits
Fixes a security problem reported on the "BugTraq" email list
disclosed 24-July-1997 by Gert Doering <gert@GREENIE.MUC.DE>.
Message-Id: <m0wrUPl-0000IxC@greenie.muc.de>.
Credits for finding the problem go to Herbert Thielen
(thielen@lpr.e-technik.tu-muenchen.de).
The mgetty web site is:
http://www.leo.org/~doering/mgetty/
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/

V. PGP Signature
This message was signed with the PGP key for <security@caldera.com>.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.22,v 1.1 1997/09/29 20:44:54 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNDATgun+9R4958LpAQFTnAQAr+ksAh/PPztBzpb2UasX0BlMoMKqJXPi
27TrPlGdyshvpeJ9rC4dWRj9kNAB0ZOTPaZ9Sc5FwwDHOdNJl4VGzoghQGo4kXj4
adgg+yDyWtVB9q0tV5XgJzOuOMSWyA09bhl/7POKHuUzP2qL49IsEF8Z6KpgyMN8
nUw2mkZhMoE=
=6AwH
-----END PGP SIGNATURE-----