Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-079-1:99FB7
HistorySep 24, 2001 - 12:44 p.m.

[SECURITY] [DSA 079-1] New UUCP packages fix local exploit

2001-09-2412:44:41
lists.debian.org
7

AI Score

7

Confidence

Low

JSON

Debian Security Advisory DSA 079-1 [email protected]
http://www.debian.org/security/ Martin Schulze
September 24, 2001

Package : uucp
Vulnerability : uucp uid/gid access
Problem-Type : local exploit
Debian-specific: no

zen-parse has found a problem with Taylor UUCP as distributed with
many GNU/Linux distributions. It was possible to make uux' execute uucp' with malicious commandline arguments which gives an attacker
access to files owned by uid/gid uucp.

This problem has been fixed in version of 1.06.1-11potato1 for Debian
GNU/Linux 2.2 by using a patch that RedHat has provided.

We recommend that you upgrade your uucp package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Source archives:

http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato1.diff.gz
  MD5 checksum: 4e2f02a4abd2ce86ffb0e154ef5d162b
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato1.dsc
  MD5 checksum: fd358e7e14f32ffa16cd3f2e6137b05c
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1.orig.tar.gz
  MD5 checksum: 390af5277915fcadbeee74d2f3038af9

Alpha architecture:

http://security.debian.org/dists/stable/updates/main/binary-alpha/uucp_1.06.1-11potato1_alpha.deb
  MD5 checksum: c1ad1038530a5ee1a6fb92fb90be287f

ARM architecture:

http://security.debian.org/dists/stable/updates/main/binary-arm/uucp_1.06.1-11potato1_arm.deb
  MD5 checksum: 5821d1b6b9bccfa7486183216ffc7dfa

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/main/binary-i386/uucp_1.06.1-11potato1_i386.deb
  MD5 checksum: deb9d76651686c2b0a2d51488e3cf0da

Motorola 680x0 architecture:

http://security.debian.org/dists/stable/updates/main/binary-m68k/uucp_1.06.1-11potato1_m68k.deb
  MD5 checksum: 37f78dceb1e6c3b492246c888a744af7

PowerPC architecture:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/uucp_1.06.1-11potato1_powerpc.deb
  MD5 checksum: e2a81774e4cd6c1eabbcf1c8fbf2e406

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/main/binary-sparc/uucp_1.06.1-11potato1_sparc.deb
  MD5 checksum: 28148692a588b9b0c9b7598d0084fd2a

These files will be moved into the stable distribution on its next
revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

AI Score

7

Confidence

Low

JSON