SA-1997.26.txt

Posted Sep 23, 1999


SHA-256 | 050769579fa8db6e84ca0bd4c3357508ea86f93afd71b23f31c3aac31a527c3a

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.26: Vulnerability in perl-5.003

Caldera Security Advisory SA-1997.26

Original report date: 13-Nov-1997
RPM build date: 13-Nov-1997
Advisory issue date: 18-Nov-1997

Topic: Vulnerability in the perl-5.003 package


I. Problem Description

Any user can gain root privileges on an Intel Linux system with
suidperl 5.003 (having the suid bit, of course) even if "SUIDBUF"
and "two suidperl security patches" have been applied. Non-Intel or
non-Linux platforms may be affected as well.


II. Impact

On systems such as Caldera OpenLinux 1.1, an unprivileged user can
gain root privileges.

This problem was present on the following OpenLinux releases:

CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1

To determine if you are affected and need this update you may do
the following:

rpm -q perl

If the result shows perl-5.003-xxx, then you will need to update.

CND 1.0 installations: Please note that the following operations
require prior installation of the rpm update:

See ftp://ftp.caldera.com/pub/cnd-1.0/updates/rpm-update.README


III. Solution

As a temporary workaround, you can clear the suid bit:

chmod u-s /usr/bin/sperl5.003
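
One way to script the check from section II together with this
workaround (an added example, not part of Caldera's advisory; the
function names and verdict words are assumptions made for illustration):

```shell
#!/bin/sh
# Audit helper for this advisory (added example; names are assumptions).

# is_affected_pkg NAME-VERSION-RELEASE
# Returns 0 when the string reported by `rpm -q perl` names perl 5.003,
# which the advisory says needs the update; 1 otherwise.
is_affected_pkg() {
    case "$1" in
        perl-5.003|perl-5.003-*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_suid_sperl DIR
# Prints every regular file under DIR named sperl* or suidperl that still
# carries the set-uid bit, i.e. where `chmod u-s` has not been applied.
list_suid_sperl() {
    find "$1" -type f \( -name 'sperl*' -o -name 'suidperl' \) \
        -perm -4000 -print 2>/dev/null
}

# audit_perl PKG DIR
# Echoes one verdict word:
#   no-update-needed  PKG is not perl-5.003
#   mitigated         perl-5.003, but no set-uid sperl found under DIR
#   vulnerable        perl-5.003 and a set-uid sperl is present under DIR
audit_perl() {
    if ! is_affected_pkg "$1"; then
        echo no-update-needed
    elif [ -n "$(list_suid_sperl "$2")" ]; then
        echo vulnerable
    else
        echo mitigated
    fi
}

# Typical use on a live system:  sh audit.sh "$(rpm -q perl)" /usr/bin
if [ "$#" -eq 2 ]; then
    audit_perl "$1" "$2"
fi
```

A "mitigated" verdict only means the temporary workaround is in place;
the package update described below is still the better solution.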

A better solution is to install the new perl-5.004_03 package
set, which does not contain this problem. The packages are located on
Caldera's FTP server (ftp.caldera.com):

ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS/
and
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS/
for the source.

Their MD5 checksums are:

af0d326beb9c64c81d4c2381c2d16c02 perl-5.004_03-1.i386.rpm
61a3e6b22dce7ba3ba4e1b32378aa7f7 perl-add-5.004_03-1.i386.rpm
3d6825b76f0284e60ab789402ea0d693 perl-examples-5.004_03-1.i386.rpm
cee97a2f330cc7761c72656d178f5a3f perl-man-5.004_03-1.i386.rpm
6811c88230288529725470ef5bf644e2 perl-pod-5.004_03-1.i386.rpm

These instructions will only install new versions of packages
that have been installed. If you are certain a package has not
been installed, you can skip its line to save typing.
If you are not certain, use all command lines.

rpm -e perl-5.003 && rpm -i perl-5.004_03-1.i386.rpm
rpm -e perl-eg-5.003 && rpm -i perl-examples-5.004_03-1.i386.rpm
rpm -e perl-add-5.003 && rpm -U perl-add-5.004_03-1.i386.rpm
rpm -e perl-man-5.003 && rpm -U perl-man-5.004_03-1.i386.rpm
rpm -e perl-pod-5.003 && rpm -U perl-pod-5.004_03-1.i386.rpm


IV. References / Credits

This advisory is based on the BUGTRAQ post with message ID
<Pine.LNX.3.95.971113162510.3729B-100000@kerberos.troja.mff.cuni.cz>
posted by Pavel Kankovsky on 13-Nov-1997.

This and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

This security alert closes Caldera's internal problem report #1098.

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/

$Id: SA-1997.26,v 1.4 1997/11/18 23:53:17 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNHIqqun+9R4958LpAQG16QQAgpUn1JypSu3ojZc/Yi5MzEAhcv7n4nte
EoQVVui+lL1bWu7Uq8/moiEXABkzoVHEeA/3wc1d1k3+n9gnXsu2z+WO5vPoNBkI
G7iqYI6Z7y/dHbhqnYY1pxgKLlzY2JU0xBaee3YmoXCE6bP2dIQtqb6nH0Fv/vVR
FZAdlQ1mZjE=
=g6Dn
-----END PGP SIGNATURE-----