![[LWN Logo]](/images/lwn.banner.gif)
Date: 9 Jun 1999 16:41:11 -0000
From: listmaster@locutus.calderasystems.com
To: announce@lists.calderasystems.com
Subject: Security Announcement
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: /sbin/rmt with suid allows superuser privileges
Advisory number: CSSA-1999:014.0
Issue date: 1999 June 08
Cross reference:
______________________________________________________________________________
1. Problem Description
The rmt(8) program contained in dump-0.4b4 is used to grant
users remote access to a tape drive. By default, this program
is installed as setuid root.
There are several security problems in rmt that allow a local
user to obtain super user privilege via the rmt program.
2. Vulnerable Versions
Systems: OpenLinux 1.3, 2.2
Packages: previous to dump-0.4b4-3
3. Solutions
1. Disable the setuid bit on /sbin/rmt
2. Upgrade to the latest dump-0.4b4-3
rpm -U dump-0.4b4-3.i386.rpm
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -U dump-0.4b4-3.i386.rpm
6. Verification
c287fb02a35d1fa51c2d901ba17dce33 RPMS/dump-0.4b4-3.i386.rpm
caf2c6e878f4a463b9cd7662be0fbebe SRPMS/dump-0.4b4-3.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/news/security/index.html
This security fix closes Caldera's internal Problem Report 4602
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBN12DUen+9R4958LpAQHTFgP+MCqISHnTIoZakovPfLdRVYm+y6ASA30M
cfvscKDBoaYCoPOqSePcX6MH1YyH3dyQky0461zM9xf7T2OU8VH3oi1XEvLpANMg
Og1dtyBY+9+qFipzuV4bw2wtz1rEc7WikJqNR6bazLJifUPrEi1cXShTWcKvLAjZ
+cDbuW+U9TU=
=6vV4
-----END PGP SIGNATURE-----
--
Note: To learn how to use this list server, email a "help" command to
majordomo@lists.calderasystems.com.