Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-SCO.27-ppptalk root privilege vulnerability

CSSA-2002-SCO.27-ppptalk root privilege vulnerability

by Nikola Strahija on June 19th, 2002 If pppd is running (which it is on a default installation), a malicious user can use /usr/bin/ppptalk (or its link, /usr/bin/ppp), to gain root privileges.


2. Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.1 /usr/bin/ppptalk
Open UNIX 8.0.0 /usr/bin/ppptalk


3. Solution

The proper solution is to install the latest packages.
However, removing the setuid bits from the /etc/ppptalk
binary will effectively eliminate the vulnerability.


4. UnixWare 7.1.1

4.1 Location of Fixed Binaries

ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27


4.2 Verification

MD5 (erg712071.pkg.Z) = 9e353b58860c1b2ab4e831410f44fa12

md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg712071.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712071.pkg.Z
# pkgadd -d /var/spool/pkg/erg712071.pkg


5. Open UNIX 8.0.0

5.1 Location of Fixed Binaries

ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27


5.2 Verification

MD5 (erg712071.pkg.Z) = 9e353b58860c1b2ab4e831410f44fa12

md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools


5.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg712071.pkg.Z to the /var/spool/pkg directory

# uncompress /var/spool/pkg/erg712071.pkg.Z
# pkgadd -d /var/spool/pkg/erg712071.pkg


6. References

Specific references for this advisory:
none

Caldera security resources:
http://www.caldera.com/support/security/index.html

This security fix closes Caldera incidents sr865661, fz521199
and erg712071.


7. Disclaimer

Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »