7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
0.4%
Several Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp, usually root.
A component of the UUCP package, uuxqt, is a daemon that executes commands requested by uux either from the local system or from remote systems. Before executing the command, uuxqt is supposed to filter dangerous command arguments. It fails to properly filter command line arguments that are specified in their long format. This can allow an intruder to gain elevated privileges and execute commands.
An intruder can gain elevated privileges and execute commands.
Apply the patches and upgrades provided by your vendor.
798263
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 25, 2001
Affected
<http://www.caldera.com/support/security/advisories/CSSA-2001-033.0.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: September 25, 2001
Affected
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: September 25, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------------
Debian Security Advisory DSA 079-1 [email protected]
<http://www.debian.org/security/> Martin Schulze
September 24, 2001
- ----------------------------------------------------------------------------
Package : uucp
Vulnerability : uucp uid/gid access
Problem-Type : local exploit
Debian-specific: no
zen-parse has found a problem with Taylor UUCP as distributed with
many GNU/Linux distributions. It was possible to make uux' execute
uucp’ with malicious commandline arguments which gives an attacker
access to files owned by uid/gid uucp.
This problem has been fixed in version of 1.06.1-11potato1 for Debian
GNU/Linux 2.2 by using a patch that RedHat has provided.
We recommend that you upgrade your uucp package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- ------------------------------------
Source archives:
<http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato1.diff.gz>
MD5 checksum: 4e2f02a4abd2ce86ffb0e154ef5d162b
<http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato1.dsc>
MD5 checksum: fd358e7e14f32ffa16cd3f2e6137b05c
<http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1.orig.tar.gz>
MD5 checksum: 390af5277915fcadbeee74d2f3038af9
Alpha architecture:
<http://security.debian.org/dists/stable/updates/main/binary-alpha/uucp_1.06.1-11potato1_alpha.deb>
MD5 checksum: c1ad1038530a5ee1a6fb92fb90be287f
ARM architecture:
<http://security.debian.org/dists/stable/updates/main/binary-arm/uucp_1.06.1-11potato1_arm.deb>
MD5 checksum: 5821d1b6b9bccfa7486183216ffc7dfa
Intel ia32 architecture:
<http://security.debian.org/dists/stable/updates/main/binary-i386/uucp_1.06.1-11potato1_i386.deb>
MD5 checksum: deb9d76651686c2b0a2d51488e3cf0da
Motorola 680x0 architecture:
<http://security.debian.org/dists/stable/updates/main/binary-m68k/uucp_1.06.1-11potato1_m68k.deb>
MD5 checksum: 37f78dceb1e6c3b492246c888a744af7
PowerPC architecture:
<http://security.debian.org/dists/stable/updates/main/binary-powerpc/uucp_1.06.1-11potato1_powerpc.deb>
MD5 checksum: e2a81774e4cd6c1eabbcf1c8fbf2e406
Sun Sparc architecture:
<http://security.debian.org/dists/stable/updates/main/binary-sparc/uucp_1.06.1-11potato1_sparc.deb>
MD5 checksum: 28148692a588b9b0c9b7598d0084fd2a
These files will be moved into the stable distribution on its next
revision.
- ----------------------------------------------------------------------------
For apt-get: deb <http://security.debian.org/> stable/updates main
For dpkg-ftp: <ftp://security.debian.org/debian-security> dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>’ and <http://packages.debian.org/><pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see <http://www.gnupg.org>
iD8DBQE7ryqnW5ql+IAeqTIRAg85AKC3WjUR7+pcdnNzqJTKYCgAW7JPcgCgoKJz
Eyo1dUud25pN5l8FnvaeCas=
=rFIN
-----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Notified: September 24, 2001 Updated: October 09, 2001
Affected
<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:62.uucp.asc>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Notified: September 24, 2001 Updated: February 08, 2002
Affected
HP Support Information Digests
The security bulletins digest has been split into multiple digests
To update your subscriptions, use your browser to access the
<http://www.itresourcecenter.hp.com/>
Under the Maintenance and Support Menu, click on the “more…” link.
Under the notifications section (near the bottom of the page), select
To subscribe or unsubscribe to a specific security bulletin digest,
o IT Resource Center World Wide Web Service
If you subscribed through the IT Resource Center and would
<http://www.itresourcecenter.hp.com/>
Login using your IT Resource Center User ID and Password.`
Digest Name: daily HP Secure OS Software for Linux security bulletins digest Created: Wed Jan 23 3:00:08 PST 2002
Table of Contents:
`Document ID Title
The documents are listed below.`
Document ID: HPSBTL0201-018 Date Loaded: 20020122 Title: Updated uucp packages available
TEXT
The information in the following Security Bulletin should be acted
Because the vulnerability does not require a HP Secure OS
---------------------------------------------------------------
PLATFORM: Any system running HP Secure OS software for Linux Release 1.0
DAMAGE: Local users can gain inappropriate privileges
SOLUTION: Apply the appropriate RPMs (see section B below)
MANUAL ACTIONS: None
AVAILABILITY: The RPMs are available now.A. Background
Uuxqt is part of a remote command execution facility within
uucp. A flaw exists that allows local users to gain inappropriate
privileges. The uucp package is not included in the default
installation of HP Secure OS Software for Linux release 1.0.
B. Fixing the problem
Hewlett-Packard Company recommends that customers download the RPMs
listed in the following Red Hat Security Advisory:
2002-01-15 uucp (RHSA-2001-165) The uuxqt utility can be used to
execute arbitrary commands as uucp.uucp
<http://www.redhat.com/support/errata/RHSA-2001-165.html>
`
To install the security bulletin RPMs, use the following sequence of commands:
1. If you use the tripwire product, we recommend that you run a a consistency check and fix any violations before installing the security bulletin RPM.
tripwire --check --interactive
2. Install the bulletin RPM from the root account.
rpm -F <bulletin RPM name>
3. Update the tripwire database
tripwire --check --interactive
NOTE: The rpm -q <package name> command can be used to determine if the product is installed. Hewlett-Packard Company recommends applying the Security Bulletin fixes to installed packages only. The -F option to the RPM installer will only apply the fix if the package is currently installed on the system. Dependent RPMs can be found by using the "Find Latest RPMs" search facility at ``<http://www.redhat.com/apps/download>``. To find the latest dependent RPM enter the RPM's name in the "By Keyword" box.
C. To subscribe to automatically receive future HP Security Bulletins from the HP IT Resource Center via electronic mail, do the following:
Use your browser to access the HP IT Resource Center page at:
``<http://itrc.hp.com>``
Use the 'Login' tab at the left side of the screen to login using your ID and password. Use your existing login or the "Register" button at the left to create a login. Remember to save the User ID assigned to you, and your password. This login provides access to many useful areas of the ITRC.
In the leftmost frame select "Maintenance and Support".
Under the "Notifications" section (near the bottom of the page), select "Support Information Digests".
To -subscribe- to future HP Security Bulletins or other Technical Digests, click the check box (in the left column) for the appropriate digest and then click the "Update Subscriptions" button at the bottom of the page.
or
To -review- bulletins already released, select the link (in the middle column) for the appropriate digest.
D. To report new security vulnerabilities, send email to
[email protected]
Please encrypt any exploit information using the security-alert PGP key, available from your local key server. You may also get the security-alert PGP key by sending a message with a -subject- (not body) of 'get key' (no quotes) to [email protected].
Permission is granted for copying and circulating this bulletin to Hewlett-Packard Company (HP) customers (or the Internet community) for the purpose of alerting them to problems, if and only if, the bulletin is not edited or changed in any way, is attributed to HP, and provided such reproduction and/or distribution is performed for non-commercial purposes.
-----End of Document ID: HPSBTL0201-018--------------------------------------`
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: September 25, 2001
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: uucp
Date: September 21st, 2001
Advisory ID: MDKSA-2001:078
Affected versions: 7.1, 7.2, 8.0, Corporate Server 1.0.1
Problem Description:
Zen Parse discovered that an argument handling problem that exists in
the uucp package can allow a local attacker to gain access to the uucp
user or group.
References:
<http://www.securityfocus.com/archive/1/212892>
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
<http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS>
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.
Linux-Mandrake 7.1:
fa65ca8883349b9be0e6cf7db7dea76b 7.1/RPMS/uucp-1.06.1-14.1mdk.i586.rpm
e28726519e93e1980d40dab2f06483af 7.1/SRPMS/uucp-1.06.1-14.1mdk.src.rpm
Linux-Mandrake 7.2:
63dec090a832b711ff3a05577de6e375 7.2/RPMS/uucp-1.06.1-17.1mdk.i586.rpm
5e0b73597aaf0b0c731919e0e2608e2b 7.2/SRPMS/uucp-1.06.1-17.1mdk.src.rpm
Mandrake Linux 8.0:
1d285f9a496ae17aac3a43faaf93046a 8.0/RPMS/uucp-1.06.1-18.1mdk.i586.rpm
231f4436c3d4ba45190b6f00430a8b0d 8.0/SRPMS/uucp-1.06.1-18.1mdk.src.rpm
Mandrake Linux 8.0 (PPC):
9634b394fe43ab951969ab5088a071f3 ppc/8.0/RPMS/uucp-1.06.1-18.1mdk.ppc.rpm
519859d31a9a04d84d8090a6a4885431 ppc/8.0/SRPMS/uucp-1.06.1-18.1mdk.src.rpm
Corporate Server 1.0.1:
fa65ca8883349b9be0e6cf7db7dea76b 1.0.1/RPMS/uucp-1.06.1-14.1mdk.i586.rpm
e28726519e93e1980d40dab2f06483af 1.0.1/SRPMS/uucp-1.06.1-14.1mdk.src.rpm
Bug IDs fixed (see <https://qa.mandrakesoft.com> for more information):
To upgrade automatically, use MandrakeUpdate.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with “rpm -Fvh *.rpm”.
You can download the updates directly from one of the mirror sites
listed at:
<http://www.linux-mandrake.com/en/ftp.php3>.
Updated packages are available in the “updates/[ver]/RPMS/” directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in “updates/8.0/RPMS/”. Updated source
RPMs are available as well, but you generally do not need to download
them.
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other security advisories for Mandrake Linux at:
<http://www.linux-mandrake.com/en/security/>
If you want to report vulnerabilities, please contact
Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:
Mandrake Linux’s security announcements mailing list. Only
announcements are sent to this list and it is read-only.
Mandrake Linux’s security discussion mailing list. This list is open
to anyone to discuss Mandrake Linux security specifically and Linux
security in general.
To subscribe to either list, send a message to
[email protected]
with “subscribe [listname]” in the body of the message.
To remove yourself from either list, send a message to
[email protected]
with “unsubscribe [listname]” in the body of the message.
To get more information on either list, send a message to
[email protected]
with “info [listname]” in the body of the message.
Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:
<http://www.linux-mandrake.com/en/flists.php3#security>
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<[email protected]>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see <http://www.gnupg.org>
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see <http://www.gnupg.org>
iD8DBQE7qtfrmqjQ0CJFipgRAquLAJ46aDf85lnkDX7ZRp8bu3V05MT0qwCgxUvp
TZaGq2U8xKvGNEfQMRLErjc=
=mMTA
-----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: September 25, 2001
Affected
<http://www.openbsd.org/errata.html#uucp>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Notified: September 25, 2001 Updated: January 18, 2002
Affected
<http://www.redhat.com/support/errata/RHSA-2001-165.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: January 17, 2002
Affected
<http://www.suse.de/de/support/security/2001_038_uucp_txt.txt>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Updated: September 26, 2001
Not Affected
Mac OS X is not vulnerable to the UUCP problems described in this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
Notified: September 25, 2001 Updated: January 17, 2002
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23798263 Feedback>).
View all 11 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was discovered by zen-parse.
This document was written by Jason Rafail.
CVE IDs: | CVE-2001-0873 |
---|---|
Severity Metric: | 21.38 Date Public: |
archives.neohapsis.com/archives/bugtraq/2001-09/0053.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
www.caldera.com/support/security/advisories/CSSA-2001-033.0.txt
www.linux-mandrake.com/en/security/2001/MDKSA-2001-078.php3?dis=8.0
www.redhat.com/support/errata/RHSA-2001-165.html
www.securityfocus.com/bid/3312
www.suse.de/de/support/security/2001_038_uucp_txt.txt