Sicherheit: Unsichere Verwendung von /tmp in tcsh

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
Caldera Systems, Inc. Security Advisory

Subject: unsecure temp files in tcsh
Advisory number: CSSA-2000-043.0
Issue date: 2000 December, 1
Cross reference:
______________________________________________________________________________

1. Problem Description

When evaluating a so-called "here script", tcsh writes the
contents of that script to a temporary file, which is created
insecurely. Symlink attacks can be used to make tcsh overwrite
arbitrary files owned by the invoking user.

2. Vulnerable Versions

System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
tcsh-6.10.00-2

OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder tcsh-6.10.00-2

OpenLinux eDesktop 2.4 All packages previous to
tcsh-6.10.00-2

3. Solution

Workaround:

none

The proper solution is to upgrade to the fixed packages

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

9b89b9670997f3352f2e4c8a436db7ff RPMS/tcsh-6.10.00-2.i386.rpm
b917e204011a7df41b0bcdfb3d3669eb RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm
44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

93f84f61debebe75f984135f9a72a32a RPMS/tcsh-6.10.00-2.i386.rpm
44019349df20160c209a3f111f9880d3 RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
a91cc5ffe8dfe85de3f13b964c514c2f SRPMS/tcsh-6.10.00-2.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -q tcsh-doc-html && rpm -e tcsh-doc-html
rpm -Uhv tcsh-*.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 8134.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6K6oh18sy83A/qfwRAsa+AKCyWTacAC7btAAo5dRcp5khv37k9QCgw67k
WZrAChXCsMxQHrwc83wxkNo=
=tE1u
-----END PGP SIGNATURE-----