![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Tue, 5 Dec 2000 10:47:14 -0700
From: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
Subject: Security Update: CSSA-2000-043.0 unsecure temp files in tcsh
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: unsecure temp files in tcsh
Advisory number: CSSA-2000-043.0
Issue date: 2000 December, 1
Cross reference:
______________________________________________________________________________
1. Problem Description
When evaluating a so-called "here script", tcsh writes the
contents of that script to a temporary file, which is created
insecurely. Symlink attacks can be used to make tcsh overwrite
arbitrary files owned by the invoking user.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
tcsh-6.10.00-2
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder tcsh-6.10.00-2
OpenLinux eDesktop 2.4 All packages previous to
tcsh-6.10.00-2
3. Solution
Workaround:
none
The proper solution is to upgrade to the fixed packages
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
9b89b9670997f3352f2e4c8a436db7ff RPMS/tcsh-6.10.00-2.i386.rpm
b917e204011a7df41b0bcdfb3d3669eb RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm
44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm
44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 8134.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6K6oh18sy83A/qfwRAsa+AKCyWTacAC7btAAo5dRcp5khv37k9QCgw67k
WZrAChXCsMxQHrwc83wxkNo=
=tE1u
-----END PGP SIGNATURE-----