UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren’t dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.0 | alpha | uucp | < 1.06.1-227 | uucp-1.06.1-227.alpha.rpm |
openSUSE | 6.4 | alpha | uucp | < 1.06.1-227 | uucp-1.06.1-227.alpha.rpm |
openSUSE | 6.3 | i386 | uucp | < 1.06.1-333 | uucp-1.06.1-333.i386.rpm |
openSUSE | 7.3 | i386 | uucp | < 1.06.1-333 | uucp-1.06.1-333.i386.rpm |
openSUSE | 6.4 | ppc | uucp | < 1.06.1-225 | uucp-1.06.1-225.ppc.rpm |
openSUSE | 7.1 | alpha | uucp | < 1.06.1-227 | uucp-1.06.1-227.alpha.rpm |
openSUSE | 6.4 | i386 | uucp | < 1.06.1-333 | uucp-1.06.1-333.i386.rpm |
openSUSE | 7.1 | sparc | uucp | < 1.06.1-228 | uucp-1.06.1-228.sparc.rpm |
openSUSE | 7.2 | i386 | uucp | < 1.06.1-334 | uucp-1.06.1-334.i386.rpm |
openSUSE | 7.0 | sparc | uucp | < 1.06.1-228 | uucp-1.06.1-228.sparc.rpm |