[LWN Logo]
[Timeline]
Date:         Fri, 29 Sep 2000 13:53:49 -0600
Subject:      Security Update: security problem in traceroute
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                security problem in traceroute
Advisory number:        CSSA-2000-034.0
Issue date:             2000 September, 29
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a bug in the traceroute command that can possibly be used
   by local users to obtain super user privilege.

   There are no exploits available so far, but we encourage our customers
   to upgrade nevertheless.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                traceroute-1.4a5-9

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       traceroute-1.4a5-9

   OpenLinux eDesktop 2.4       All packages previous to
                                traceroute-1.4a5-9

3. Solution

   Workaround:

   Remove the setuid bit from traceroute

        chmod u-s /usr/sbin/traceroute

   or uninstall it entirely:

        rpm -e traceroute

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       10a0865014f9a7adde15b1273a613672  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv traceroute-1.4a5-9.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       8f65446f8da688c94d7a1090579b987c  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv traceroute-1.4a5-9.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       45cd9ac95771a444ace0e2275789ba11  RPMS/traceroute-1.4a5-9.i386.rpm
       9bccc641518d1e2726b61911913006ba  SRPMS/traceroute-1.4a5-9.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv traceroute-1.4a5-9.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7927.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

  Thanks to Pekka Savola <pekkas@netcore.fi> for discovering the bug,
  and to Chris Evans <chris@scary.beasts.org>.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE51Jk118sy83A/qfwRAn/xAJ9jjBxGq7hmUC/wmJ4WnONm+5PcSwCfXdOK
F2BtVam2XeK9tCdUb9m68Mo=
=Xetc
-----END PGP SIGNATURE-----