-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.26: Vulnerability in perl-5.003
Caldera Security Advisory SA-1997.26
Original report date: 13-Nov-1997
RPM build date: 13-Nov-1997
Advisory issue date: 18-Nov-1997
Topic: Vulnerability in the perl-5.003 package
I. Problem Description
Any user can gain root privileges on an Intel Linux system running
suidperl 5.003 with the setuid bit set, even if the "SUIDBUF" fix and
the "two suidperl security patches" have been applied. Non-Intel or
non-Linux platforms may be affected as well.
II. Impact
On systems such as Caldera OpenLinux 1.1, an unprivileged user can
gain root privileges.
This problem was present on the following OpenLinux releases:
CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1
To determine whether you are affected and need this update, run:
rpm -q perl
If the result is perl-5.003-xxx (any release number in place of xxx),
you need to update.
CND 1.0 installations: please note that the operations below require
that the rpm update has been installed first. See:
ftp://ftp.caldera.com/pub/cnd-1.0/updates/rpm-update.README
III. Solution
As a temporary workaround, you can clear the suid bit:
chmod u-s /usr/bin/sperl5.003
Until the updated package is installed, setuid Perl scripts will then no
longer gain elevated privileges. You can confirm the change with
ls -l /usr/bin/sperl5.003 (the owner's execute position must no longer
show an "s").
A better solution is to install the new perl-5.004_03 package set,
which does not contain this problem. The packages are located on
Caldera's FTP server (ftp.caldera.com):
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS/
for the binaries and
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS/
for the source.
Their MD5 checksums are:
af0d326beb9c64c81d4c2381c2d16c02 perl-5.004_03-1.i386.rpm
61a3e6b22dce7ba3ba4e1b32378aa7f7 perl-add-5.004_03-1.i386.rpm
3d6825b76f0284e60ab789402ea0d693 perl-examples-5.004_03-1.i386.rpm
cee97a2f330cc7761c72656d178f5a3f perl-man-5.004_03-1.i386.rpm
6811c88230288529725470ef5bf644e2 perl-pod-5.004_03-1.i386.rpm
Each command line below removes the old package and, only if that
removal succeeds (the "&&"), installs the new one; so a new package is
installed only where the old one was actually present. If you are
certain a package has never been installed you can skip its line to
save typing. If you are not certain, run all of the command lines.
rpm -e perl-5.003 && rpm -i perl-5.004_03-1.i386.rpm
rpm -e perl-eg-5.003 && rpm -i perl-examples-5.004_03-1.i386.rpm
rpm -e perl-add-5.003 && rpm -U perl-add-5.004_03-1.i386.rpm
rpm -e perl-man-5.003 && rpm -U perl-man-5.004_03-1.i386.rpm
rpm -e perl-pod-5.003 && rpm -U perl-pod-5.004_03-1.i386.rpm
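As an added worked example (this is not code from the Caldera advisory), the
shell script below wraps the three manual steps above, detecting a perl-5.003
installation, verifying the listed MD5 checksums on the downloaded RPMs before
anything is removed, and then running the same remove-then-install sequence
for each old package that is actually installed. It assumes rpm(8) and
md5sum(1) are on PATH and that the RPMs were downloaded into the directory
passed as the first argument (default: the current directory); the function
names are this example's own.

```shell
#!/bin/sh
# Added example; not code from the Caldera advisory SA-1997.26.
# Assumptions: rpm(8) and md5sum(1) are on PATH; the downloaded RPMs sit in
# the directory given to verify_rpms/update_perl (default: current directory).

# Checksums as printed in the advisory.
ADVISORY_MD5='af0d326beb9c64c81d4c2381c2d16c02 perl-5.004_03-1.i386.rpm
61a3e6b22dce7ba3ba4e1b32378aa7f7 perl-add-5.004_03-1.i386.rpm
3d6825b76f0284e60ab789402ea0d693 perl-examples-5.004_03-1.i386.rpm
cee97a2f330cc7761c72656d178f5a3f perl-man-5.004_03-1.i386.rpm
6811c88230288529725470ef5bf644e2 perl-pod-5.004_03-1.i386.rpm'

# Old package -> replacement RPM, following the advisory's rpm -e / rpm -i
# lines (note that perl-eg-5.003 is replaced by perl-examples-5.004_03).
PACKAGE_MAP='perl-5.003 perl-5.004_03-1.i386.rpm
perl-eg-5.003 perl-examples-5.004_03-1.i386.rpm
perl-add-5.003 perl-add-5.004_03-1.i386.rpm
perl-man-5.003 perl-man-5.004_03-1.i386.rpm
perl-pod-5.003 perl-pod-5.004_03-1.i386.rpm'

# needs_update "<output of rpm -q perl>": true for any perl-5.003-* build,
# false for a newer perl or for "package perl is not installed".
needs_update() {
  case "$1" in
    perl-5.003-*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_md5 <expected hex> <file>: compare md5sum output with the expected sum
# (hex compared in lower case, so an upper-case paste still matches).
check_md5() {
  expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  actual=$(md5sum "$2" 2>/dev/null | awk '{print $1}')
  [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# verify_rpms [dir]: check every advisory-listed RPM that exists in dir.
# A missing file is reported but not fatal (you only need the packages you
# actually have installed); any mismatch makes the function fail.
verify_rpms() {
  dir=${1:-.}
  bad=0
  while read -r sum name; do
    if [ ! -f "$dir/$name" ]; then
      echo "missing  $name"
    elif check_md5 "$sum" "$dir/$name"; then
      echo "OK       $name"
    else
      echo "MISMATCH $name"
      bad=1
    fi
  done <<EOF
$ADVISORY_MD5
EOF
  return $bad
}

# update_perl [dir]: the advisory's "rpm -e old && rpm -U new" sequence for
# each old package that is installed. Set DO_UPDATE=1 to actually run it;
# otherwise the rpm commands are only printed.
update_perl() {
  dir=${1:-.}
  while read -r old new; do
    rpm -q "$old" >/dev/null 2>&1 || continue
    if [ "${DO_UPDATE:-0}" = 1 ]; then
      rpm -e "$old" && rpm -U "$dir/$new" || return 1
    else
      echo "would run: rpm -e $old && rpm -U $dir/$new"
    fi
  done <<EOF
$PACKAGE_MAP
EOF
}

# main [dir]: stop early on hosts that are not affected; never install
# anything whose checksum does not match the advisory.
main() {
  dir=${1:-.}
  installed=$(rpm -q perl 2>/dev/null)
  if ! needs_update "$installed"; then
    echo "perl package '$installed' is not a perl-5.003 build; no update needed"
    return 0
  fi
  verify_rpms "$dir" && update_perl "$dir"
}
```

Source the file and call `main /path/to/rpms` (or append that call to the
script); run it once without DO_UPDATE to see the rpm commands it would
execute, then with `DO_UPDATE=1` as root to apply them. Checksum
verification runs before the first `rpm -e`, so a corrupted or tampered
download stops the procedure before the old packages are removed.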
IV. References / Credits
This advisory is based on the BUGTRAQ post with message ID
<Pine.LNX.3.95.971113162510.3729B-100000@kerberos.troja.mff.cuni.cz>
posted by Pavel Kankovsky on 13-Nov-1997.
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This security alert closes Caldera's internal problem report #1098.
V. PGP Signature
This message was signed with the PGP key for <security@caldera.com>.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.26,v 1.4 1997/11/18 23:53:17 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNHIqqun+9R4958LpAQG16QQAgpUn1JypSu3ojZc/Yi5MzEAhcv7n4nte
EoQVVui+lL1bWu7Uq8/moiEXABkzoVHEeA/3wc1d1k3+n9gnXsu2z+WO5vPoNBkI
G7iqYI6Z7y/dHbhqnYY1pxgKLlzY2JU0xBaee3YmoXCE6bP2dIQtqb6nH0Fv/vVR
FZAdlQ1mZjE=
=g6Dn
-----END PGP SIGNATURE-----