Taylor UUCP Argument Handling Privilege Elevation Vulnerability

by Phiber on September 12th, 2001

A problem has been discovered in Taylor UUCP that makes it possible for local users to gain elevated privileges. The problem is due to the handling of configuration files when passed to uucp via the --config flag.


When uux receives a request to execute commands using a malicious --config file, the commands are executed with the privileges of uuxqt, which is a setuid uucp daemon by default.

This makes it possible for a local user to gain elevated privileges, and could lead to a local user gaining administrative access.
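
A general hardening pattern for the class of flaw described above, as an added example that is not Taylor UUCP source code or any vendor's patch: a set-id program permanently gives up its elevated IDs before it reads a configuration file the caller named with --config. The helper names are hypothetical, and only the long --config spelling is checked.

```c
/* Added example: generic hardening pattern, not Taylor UUCP source code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the caller named a config file via --config. */
int config_is_caller_supplied(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0)
            break;                          /* end of options */
        if (strcmp(argv[i], "--config") == 0 ||
            strncmp(argv[i], "--config=", 9) == 0)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: permanently give up set-id privileges, group first.
 * setre*id() with the real ID given also resets the saved ID on Linux. */
int drop_setid_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    if (ruid != 0) {        /* root can always switch IDs, so skip the probe */
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;      /* the old effective UID could be regained */
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;      /* the old effective GID could be regained */
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (config_is_caller_supplied(argc, argv) && drop_setid_privileges() != 0) {
        fputs("refusing to read caller-supplied config with privileges\n", stderr);
        return 1;
    }
    printf("euid=%ld uid=%ld\n", (long)geteuid(), (long)getuid());
    return 0;
}
```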


Solution:


Ian Lance Taylor Taylor UUCP 1.0.6:

Caldera RPM OpenLinux 2.3 uucp-1.06.2-8OL.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/uucp-1.06.2-8OL.i386.rpm

Caldera RPM OpenLinux 2.3 uucp-doc-1.06.2-8OL.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS/uucp-doc-1.06.2-8OL.i386.rpm

Caldera RPM eServer 2.3.1 uucp-doc-1.06.2-8OL.i386.rpm
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/uucp-doc-1.06.2-8OL.i386.rpm

Caldera RPM eDesktop 2.4 uucp-1.06.2-8OL.i386.rpm
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/uucp-1.06.2-8OL.i386.rpm

Caldera RPM eDesktop 2.4 uucp-doc-1.06.2-8OL.i386.rpm
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS/uucp-doc-1.06.2-8OL.i386.rpm

Caldera RPM OpenLinux 3.1 Server uucp-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/uucp-1.06.2-8.i386.rpm

Caldera RPM OpenLinux 3.1 Server uucp-doc-html-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/uucp-doc-html-1.06.2-8.i386.rpm

Caldera RPM OpenLinux 3.1 Workstation uucp-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/uucp-1.06.2-8.i386.rpm

Caldera patch OpenLinux 3.1 Server uucp-doc-ps-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/uucp-doc-ps-1.06.2-8.i386.rpm

Caldera RPM OpenLinux 3.1 Workstation uucp-doc-html-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/uucp-doc-html-1.06.2-8.i386.rpm

Caldera patch OpenLinux 3.1 Workstation uucp-doc-ps-1.06.2-8.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/uucp-doc-ps-1.06.2-8.i386.rpm

Conectiva RPM 4.0 i386 uucp-1.06.1-21U40_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/uucp-1.06.1-21U40_1cl.i386.rpm

Conectiva RPM 4.0es i386 uucp-1.06.1-21U40_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/uucp-1.06.1-21U40_1cl.i386.rpm

Conectiva RPM 4.1 i386 uucp-1.06.1-21U41_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/uucp-1.06.1-21U41_1cl.i386.rpm

Conectiva RPM 4.2 i386 uucp-1.06.1-21U42_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/uucp-1.06.1-21U42_1cl.i386.rpm

Conectiva RPM 5.0 i386 uucp-1.06.1-22U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/uucp-1.06.1-22U50_1cl.i386.rpm

Conectiva RPM 5.1 i386 uucp-1.06.1-23U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/uucp-1.06.1-23U51_1cl.i386.rpm

Conectiva RPM 6.0 i386 uucp-1.06.2-4U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/i386/uucp-1.06.2-4U60_1cl.i386.rpm

Conectiva RPM 7.0 i386 uucp-1.06.2-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/i386/uucp-1.06.2-6U70_1cl.i386.rpm

Conectiva RPM 7.0 i386 uucp-cu-1.06.2-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/i386/uucp-cu-1.06.2-6U70_1cl.i386.rpm

Conectiva RPM 7.0 i386 uucp-doc-1.06.2-6U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/i386/uucp-doc-1.06.2-6U70_1cl.i386.rpm

Conectiva RPM ecommerce i386 uucp-1.06.1-22U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/uucp-1.06.1-22U50_1cl.i386.rpm

Conectiva RPM graficas i386 uucp-1.06.1-22U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/uucp-1.06.1-22U50_1cl.i386.rpm




FYI:

Taylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor.

