CSSA-2002-043.0-Linux: chfn (util-linux) temp file race vulnerability

by Nikola Strahija on October 31st, 2002

The util-linux package is vulnerable to privilege escalation when the "ptmptmp" file is not removed properly when using the "chfn" utility.


2. Vulnerable Supported Versions

System                        Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server        prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1.1 Workstation   prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1 Server          prior to util-linux-2.11l-5.1.i386.rpm
OpenLinux 3.1 Workstation     prior to util-linux-2.11l-5.1.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/RPMS

4.2 Packages

98e88787d222b51faabb2e070938f042 util-linux-2.11l-5.1.i386.rpm

4.3 Installation

rpm -Fvh util-linux-2.11l-5.1.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-043.0/SRPMS

4.5 Source Packages

ad191ca704a7ce42122be237bd130130 util-linux-2.11l-5.1.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/RPMS

5.2 Packages

41a6998cc6a49350c92e6b39c7fd313b util-linux-2.11l-5.1.i386.rpm

5.3 Installation

rpm -Fvh util-linux-2.11l-5.1.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-043.0/SRPMS

5.5 Source Packages

a94ff2530db09700bcc8ccb245f4c084 util-linux-2.11l-5.1.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/RPMS

6.2 Packages

bea4d3169f518c9ce5453befdc6c2372 util-linux-2.11l-5.1.i386.rpm

6.3 Installation

rpm -Fvh util-linux-2.11l-5.1.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/SRPMS

6.5 Source Packages

8eda88f37ed5d3ed98a0e6a2e260fe25 util-linux-2.11l-5.1.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/RPMS

7.2 Packages

4bdca72dec95ca197a2e623aa940b14e util-linux-2.11l-5.1.i386.rpm

7.3 Installation

rpm -Fvh util-linux-2.11l-5.1.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-043.0/SRPMS

7.5 Source Packages

4bef4047eed39cd905dc20efb8a1a9d7 util-linux-2.11l-5.1.src.rpm
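
The check-and-install steps from sections 4 to 7 as one script; this is an added example, not part of the SCO advisory. The binary package has the same file name but a different MD5 sum for each product, so the script selects the sum by product before running rpm -Fvh. The product keys and function names are made up here, and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: verify a downloaded util-linux update against the MD5 sum
# the advisory lists for the matching product, then install it.
# The product keys (3.1.1-server, ...) are labels made up for this script.

# Print the advisory's MD5 for the binary RPM of the given product.
expected_md5() {
    case "$1" in
        3.1.1-server)      echo 98e88787d222b51faabb2e070938f042 ;;
        3.1.1-workstation) echo 41a6998cc6a49350c92e6b39c7fd313b ;;
        3.1-server)        echo bea4d3169f518c9ce5453befdc6c2372 ;;
        3.1-workstation)   echo 4bdca72dec95ca197a2e623aa940b14e ;;
        *) return 1 ;;
    esac
}

# Succeed only if FILE exists and its MD5 equals EXPECTED.
verify_md5() {
    file=$1 want=$2
    [ -f "$file" ] || return 2
    got=$(md5sum "$file" | cut -d' ' -f1) || return 2
    [ "$got" = "$want" ]
}

# Verify, then freshen the installed package exactly as the advisory does.
install_update() {
    product=$1 rpmfile=$2
    want=$(expected_md5 "$product") || { echo "unknown product: $product" >&2; return 64; }
    if verify_md5 "$rpmfile" "$want"; then
        rpm -Fvh "$rpmfile"
    else
        echo "MD5 mismatch for $rpmfile (expected $want for $product); not installing" >&2
        return 1
    fi
}

# Run only when called with two arguments, e.g.:
#   sh verify-update.sh 3.1-server util-linux-2.11l-5.1.i386.rpm
if [ $# -eq 2 ]; then
    install_update "$1" "$2"
fi
```

A mismatch usually means the file came from the wrong product directory or the transfer was damaged; download it again from the matching Package Location.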


8. References

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
http://www.kb.cert.org/vuls/id/405955
http://razor.bindview.com/publish/advisories/adv_chfn.html

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr866639, fz521517,
erg501629.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

The BindView RAZOR Team discovered and researched this
vulnerability.

