ID DSA-079 Type debian Reporter Debian Modified 2002-02-08T00:00:00
Description
Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by the uucp uid, which effectively means that a local user can completely subvert the UUCP subsystem, including stealing mail, etc.
If a remote user with UUCP access is able to create files on the local system, and can successfully make certain guesses about the local directory structure layout, then the remote user can also subvert the UUCP system. A default installation of UUCP will permit a remote user to create files on the local system if the UUCP public directory has been created with world write permissions.
Obviously this security hole is serious for anybody who uses UUCP on a multi-user system with untrusted users, or anybody who uses UUCP and permits connections from untrusted remote systems.
It was thought that this problem has been fixed with DSA 079-1, but that didn't fix all variations of the problem. The problem is fixed in version 1.06.1-11potato2 of uucp which uses a patch from the upstream author Ian Lance Taylor.
We recommend that you upgrade your uucp package immediately.
{"title": "uucp -- uucp uid/gid access", "reporter": "Debian", "lastseen": "2016-09-02T18:26:58", "history": [], "modified": "2002-02-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}, "vulnersScore": 2.1}, "hash": "8f6870304e49aa2f4d45da10804759e5435a63fb7097ebdb84b32209aafd1ae0", "cvelist": ["CVE-2001-0873"], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "sparc", "packageFilename": "uucp_1.06.1-11potato2_sparc.deb"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1.orig", "operator": "lt", "packageName": "uucp", "arch": "src", "packageFilename": "uucp_1.06.1.orig.tar.gz"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "ppc", "packageFilename": "uucp_1.06.1-11potato2_powerpc.deb"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2.diff", "operator": "lt", "packageName": "uucp", "arch": "src", "packageFilename": "uucp_1.06.1-11potato2.diff.gz"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "alpha", "packageFilename": "uucp_1.06.1-11potato2_alpha.deb"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "src", "packageFilename": "uucp_1.06.1-11potato2.dsc"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "m68k", "packageFilename": "uucp_1.06.1-11potato2_m68k.deb"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "arm", "packageFilename": "uucp_1.06.1-11potato2_arm.deb"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.06.1-11potato2", "operator": "lt", "packageName": "uucp", "arch": "i686", "packageFilename": "uucp_1.06.1-11potato2_i386.deb"}], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "objectVersion": "1.2", "edition": 1, "description": "Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by the uucp uid, which effectively means that a local user can completely subvert the UUCP subsystem, including stealing mail, etc.\n\nIf a remote user with UUCP access is able to create files on the local system, and can successfully make certain guesses about the local directory structure layout, then the remote user can also subvert the UUCP system. A default installation of UUCP will permit a remote user to create files on the local system if the UUCP public directory has been created with world write permissions.\n\nObviously this security hole is serious for anybody who uses UUCP on a multi-user system with untrusted users, or anybody who uses UUCP and permits connections from untrusted remote systems.\n\nIt was thought that this problem has been fixed with DSA 079-1, but that didn't fix all variations of the problem. The problem is fixed in version 1.06.1-11potato2 of uucp which uses a patch from the upstream author Ian Lance Taylor.\n\nWe recommend that you upgrade your uucp package immediately.", "type": "debian", "references": [], "href": "http://www.debian.org/security/dsa-079", "published": "2002-02-08T00:00:00", "bulletinFamily": "unix", "id": "DSA-079"}
{"cve": [{"lastseen": "2017-10-10T10:34:45", "references": ["http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425", "http://www.debian.org/security/2001/dsa-079", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7099", "http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt", "http://rhn.redhat.com/errata/RHSA-2001-165.html", "http://marc.info/?l=bugtraq&m=100715446131820", "http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html", "http://www.securityfocus.com/bid/3312", "http://www.securityfocus.com/archive/1/212892"], "description": "uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.", "edition": 3, "reporter": "NVD", "published": "2001-12-21T00:00:00", "title": "CVE-2001-0873", "type": "cve", "enchantments": {"score": {"modified": "2017-10-10T10:34:45", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2001-0873"], "scanner": [], "modified": "2017-10-09T21:29:55", "cpe": ["cpe:/a:ian_lance_taylor:taylor_uucp:1.0.6"], "id": "CVE-2001-0873", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0873", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-08-31T02:36:55", "references": ["http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425", "http://www.caldera.com/support/security/advisories/CSSA-2001-033.0.txt", "http://www.suse.de/de/support/security/2001_038_uucp_txt.txt ", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0873", "http://archives.neohapsis.com/archives/bugtraq/2001-09/0053.html", "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-078.php3?dis=8.0", "http://www.securityfocus.com/bid/3312", "http://www.redhat.com/support/errata/RHSA-2001-165.html"], "description": "### Overview\n\nSeveral Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp, usually root.\n\n### Description\n\nA component of the UUCP package, uuxqt, is a daemon that executes commands requested by uux either from the local system or from remote systems. Before executing the command, uuxqt is supposed to filter dangerous command arguments. It fails to properly filter command line arguments that are specified in their long format. This can allow an intruder to gain elevated privileges and execute commands. \n \n--- \n \n### Impact\n\nAn intruder can gain elevated privileges and execute commands. \n \n--- \n \n### Solution\n\nApply the patches and upgrades provided by your vendor. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nCaldera| | -| 25 Sep 2001 \nConectiva| | -| 25 Sep 2001 \nDebian| | -| 25 Sep 2001 \nFreeBSD| | 24 Sep 2001| 09 Oct 2001 \nHewlett Packard| | 24 Sep 2001| 08 Feb 2002 \nMandrakeSoft| | -| 25 Sep 2001 \nOpenBSD| | -| 25 Sep 2001 \nRed Hat| | 25 Sep 2001| 18 Jan 2002 \nSuSE| | -| 17 Jan 2002 \nApple| | -| 26 Sep 2001 \nIBM| | 25 Sep 2001| 17 Jan 2002 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23798263 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.securityfocus.com/bid/3312>\n * <http://www.redhat.com/support/errata/RHSA-2001-165.html>\n * <http://www.suse.de/de/support/security/2001_038_uucp_txt.txt>\n * <http://www.caldera.com/support/security/advisories/CSSA-2001-033.0.txt>\n * <http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-078.php3?dis=8.0>\n * [http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio;=000425](<http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425>)\n * <http://archives.neohapsis.com/archives/bugtraq/2001-09/0053.html>\n\n### Credit\n\nThis vulnerability was discovered by zen-parse.\n\nThis document was written by Jason Rafail.\n\n### Other Information\n\n * CVE IDs: [CAN-2001-0873](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2001-0873>)\n * Date Public: 08 Sep 2001\n * Date First Published: 25 Sep 2001\n * Date Last Updated: 08 Feb 2002\n * Severity Metric: 21.37\n * Document Revision: 10\n\n", "edition": 3, "reporter": "CERT", "published": "2001-09-25T00:00:00", "title": "Taylor UUCP Package fails to properly filter command line arguments", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2001-0873", "CVE-2001-0873"], "modified": "2002-02-08T00:00:00", "id": "VU:798263", "href": "https://www.kb.cert.org/vuls/id/798263", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:41:59", "references": ["http://www.debian.org/security/2001/dsa-079"], "pluginID": "14916", "description": "Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by the uucp uid, which effectively means that a local user can completely subvert the UUCP subsystem, including stealing mail, etc.\n\nIf a remote user with UUCP access is able to create files on the local system, and can successfully make certain guesses about the local directory structure layout, then the remote user can also subvert the UUCP system. A default installation of UUCP will permit a remote user to create files on the local system if the UUCP public directory has been created with world write permissions.\n\nObviously this security hole is serious for anybody who uses UUCP on a multi-user system with untrusted users, or anybody who uses UUCP and permits connections from untrusted remote systems.\n\nIt was thought that this problem has been fixed with DSA 079-1, but that didn't fix all variations of the problem. The problem is fixed in version 1.06.1-11potato2 of uucp which uses a patch from the upstream author Ian Lance Taylor.", "edition": 5, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-079-2 : uucp - uucp uid/gid access", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0873"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "p-cpe:/a:debian:debian_linux:uucp"], "id": "DEBIAN_DSA-079.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14916", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-079. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14916);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2001-0873\");\n script_bugtraq_id(3312);\n script_xref(name:\"DSA\", value:\"079\");\n\n script_name(english:\"Debian DSA-079-2 : uucp - uucp uid/gid access\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It\npermits a local user to copy any file to anywhere which is writable by\nthe uucp uid, which effectively means that a local user can completely\nsubvert the UUCP subsystem, including stealing mail, etc.\n\nIf a remote user with UUCP access is able to create files on the local\nsystem, and can successfully make certain guesses about the local\ndirectory structure layout, then the remote user can also subvert the\nUUCP system. A default installation of UUCP will permit a remote user\nto create files on the local system if the UUCP public directory has\nbeen created with world write permissions.\n\nObviously this security hole is serious for anybody who uses UUCP on a\nmulti-user system with untrusted users, or anybody who uses UUCP and\npermits connections from untrusted remote systems.\n\nIt was thought that this problem has been fixed with DSA 079-1, but\nthat didn't fix all variations of the problem. The problem is fixed in\nversion 1.06.1-11potato2 of uucp which uses a patch from the upstream\nauthor Ian Lance Taylor.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2001/dsa-079\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the uucp package immediately.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uucp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"uucp\", reference:\"1.06.1-11potato2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T15:41:19", "osvdbidlist": ["5532"], "references": [], "edition": 1, "description": "Taylor UUCP 1.0.6 Argument Handling Privilege Elevation Vulnerability. CVE-2001-0873. Local exploit for unix platform", "reporter": "zen-parse", "published": "2001-09-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2001-0873"], "modified": "2001-09-08T00:00:00", "id": "EDB-ID:21106", "href": "https://www.exploit-db.com/exploits/21106/", "sourceData": "source: http://www.securityfocus.com/bid/3312/info\r\n\r\nTaylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor.\r\n\r\nA problem has been discovered in Taylor UUCP that makes it possible for local users to gain elevated privileges. The problem is due to the handling of configuration files when passed to uucp via the --config flag. When uux receives a request to execute commands using a malicious --config file, the commands will be executed with the privileges of uuxqt, a setuid uucp daemon by default.\r\n\r\nThis makes it possible for a local user to gain elevated privileges, and could lead to a local user gaining administrative access. \r\n\r\nuux 'uucp --config=/tmp/vv.v /tmp/somefile /tmp/someotherfile'\r\n\r\nwill use the supplied configuration, without dropping privileges.\r\n\r\n1) Make a configuration file that allows any command to be executed, and allows files from anywhere to be copied to anywhere that is writable by uid/gid uucp. ( /tmp/config.uucp )\r\n2) Make a command file with the command you want to be executed.\r\n( /tmp/commands.uucp )\r\n3) Do something like the following:\r\n\r\n$ THISHOST=`uuname -l`\r\n$ WHEREYOUWANTIT=/var/spool/uucp/${THISHOST}/X./X.${THISHOST}X1337\r\n$ uux 'uucp --config=/tmp/config.uucp /tmp/commands.uucp '${WHEREYOUWANTIT}\r\n\r\nThe commands in /tmp/commands.uucp file will be executed by uuxqt, with the uid/gid of uucp. ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/21106/"}], "openvas": [{"lastseen": "2017-07-24T12:49:54", "references": [], "pluginID": "53389", "description": "The remote host is missing an update to uucp\nannounced via advisory DSA 079-2.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 079-2 (uucp)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0873"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53389", "id": "OPENVAS:53389", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_079_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 079-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It\npermits a local user to copy any file to anywhere which is writable by\nthe uucp uid, which effectively means that a local user can completely\nsubvert the UUCP subsystem, including stealing mail, etc.\n\nIf a remote user with UUCP access is able to create files on the local\nsystem, and can successfully make certain guesses about the local\ndirectory structure layout, then the remote user can also subvert the\nUUCP system. A default installation of UUCP will permit a remote user\nto create files on the local system if the UUCP public directory has\nbeen created with world write permissions.\n\nObviously this security hole is serious for anybody who uses UUCP on a\nmulti-user system with untrusted users, or anybody who uses UUCP and\npermits connections from untrusted remote systems.\n\nIt was thought that this problem has been fixed with DSA 079-1, but\nthat didn't fix all variations of the problem. The problem is fixed\nin version 1.06.1-11potato2 of uucp which uses a patch from the\nupstream author Ian Lance Taylor.\n\nWe recommend that you upgrade your uucp packages immediately.\";\ntag_summary = \"The remote host is missing an update to uucp\nannounced via advisory DSA 079-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20079-2\";\n\nif(description)\n{\n script_id(53389);\n script_cve_id(\"CVE-2001-0873\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 079-2 (uucp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"uucp\", ver:\"1.06.1-11potato2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:05", "references": [], "pluginID": "53570", "description": "The remote host is missing an update to uucp\nannounced via advisory DSA 079-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 079-1 (uucp)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0873"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53570", "id": "OPENVAS:53570", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_079_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 079-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"zen-parse has found a problem with Taylor UUCP as distributed with\nmany GNU/Linux distributions. It was possible to make `uux' execute\n`uucp' with malicious commandline arguments which gives an attacker\naccess to files owned by uid/gid uucp.\n\nThis problem has been fixed in version of 1.06.1-11potato1 for Debian\nGNU/Linux 2.2 by using a patch that RedHat has provided.\n\nWe recommend that you upgrade your uucp package immediately.\";\ntag_summary = \"The remote host is missing an update to uucp\nannounced via advisory DSA 079-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20079-1\";\n\nif(description)\n{\n script_id(53570);\n script_cve_id(\"CVE-2001-0873\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 079-1 (uucp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"uucp\", ver:\"1.06.1-11potato1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:00", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nRedHat RHSA: RHSA-2001:165\nISS X-Force ID: 7099\n[CVE-2001-0873](https://vulners.com/cve/CVE-2001-0873)\nBugtraq ID: 3312\n", "reporter": "OSVDB", "published": "2004-04-08T23:11:46", "title": "Taylor UUCP uuxqt Alternate Config Privilege Escalation", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2001-0873"], "modified": "2004-04-08T23:11:46", "href": "https://vulners.com/osvdb/OSVDB:5532", "id": "OSVDB:5532", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:37", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "7.0", "packageVersion": "1.06.1-227", "packageName": "uucp", "packageFilename": "uucp-1.06.1-227.alpha.rpm", "arch": "alpha", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "6.4", "packageVersion": "1.06.1-227", "packageName": "uucp", "packageFilename": "uucp-1.06.1-227.alpha.rpm", "arch": "alpha", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "6.3", "packageVersion": "1.06.1-333", "packageName": "uucp", "packageFilename": "uucp-1.06.1-333.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "1.06.1-333", "packageName": "uucp", "packageFilename": "uucp-1.06.1-333.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "6.4", "packageVersion": "1.06.1-225", "packageName": "uucp", "packageFilename": "uucp-1.06.1-225.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.06.1-227", "packageName": "uucp", "packageFilename": "uucp-1.06.1-227.alpha.rpm", "arch": "alpha", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "6.4", "packageVersion": "1.06.1-333", "packageName": "uucp", "packageFilename": "uucp-1.06.1-333.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.06.1-228", "packageName": "uucp", "packageFilename": "uucp-1.06.1-228.sparc.rpm", "arch": "sparc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.2", "packageVersion": "1.06.1-334", "packageName": "uucp", "packageFilename": "uucp-1.06.1-334.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.0", "packageVersion": "1.06.1-228", "packageName": "uucp", "packageFilename": "uucp-1.06.1-228.sparc.rpm", "arch": "sparc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.06.1-334", "packageName": "uucp", "packageFilename": "uucp-1.06.1-334.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.0", "packageVersion": "1.06.1-225", "packageName": "uucp", "packageFilename": "uucp-1.06.1-225.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.0", "packageVersion": "1.06.1-333", "packageName": "uucp", "packageFilename": "uucp-1.06.1-333.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.06.1-225", "packageName": "uucp", "packageFilename": "uucp-1.06.1-225.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "6.3", "packageVersion": "1.06.1-227", "packageName": "uucp", "packageFilename": "uucp-1.06.1-227.alpha.rpm", "arch": "alpha", "operator": "lt"}], "description": "UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.", "edition": 1, "reporter": "Suse", "published": "2001-10-31T16:42:46", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "local privilege escalations (probably root) in uucp", "bulletinFamily": "unix", "cvelist": ["CVE-2001-0873"], "modified": "2001-10-31T16:42:46", "id": "SUSE-SA:2001:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2001-10/msg00011.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
