-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: sperl vulnerability Advisory number: CSSA-2000-026.0 Issue date: 2000 August, 7 Cross reference: ______________________________________________________________________________ 1. Problem Description sperl is a setuid copy of the perl interpreter that can be used to execute perl scripts with the privilege of the file's owner. In order to be able to do so, sperl must be setuid root. When sperl detects that an attacker is trying to spoof it, it sends a mail message to the super user account using /bin/mail. By exploiting a flaw in the way sperl interacts with /bin/mail, any local user is able to obtain root privilege on the local machine. An exploit for this vulnerability has been published widely. 2. Vulnerable Versions System Package ----------------------------------------------------------- OpenLinux Desktop 2.3 not vulnerable OpenLinux eServer 2.3 All packages previous to and OpenLinux eBuilder perl-5.005_03-6S OpenLinux eDesktop 2.4 All packages previous to perl-5.005_03-6 3. Solution Workaround: none We recommend our users to upgrade to the new packages. 4. OpenLinux Desktop 2.3 not vulnerable 5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0 5.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS 5.2 Verification 55bf850e54e8ddd91a00f67b528d831d perl-5.005_03-6S.i386.rpm bf1f56c565c512a8dbf970d04304d22c perl-5.005_03-6S.src.rpm 76f2238063b94983591ae10ad3715eb3 perl-add-5.005_03-6S.i386.rpm 94bc4d6e0963391c4d100e8d2a2c73d1 perl-examples-5.005_03-6S.i386.rpm eca239c5b0c9cb7cc98d4254304a6e3d perl-man-5.005_03-6S.i386.rpm 18c76ed983ff45fd8dc5442cee2e6f4e perl-pod-5.005_03-6S.i386.rpm 5.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv perl-*.i386.rpm Please ignore the "directory not empty" messages 6. OpenLinux eDesktop 2.4 6.1 Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS 6.2 Verification 7542698bece734cccc30c8ef83c5af87 perl-5.005_03-6.i386.rpm 0b6e1a7e1615a5400e07c10cfd924203 perl-5.005_03-6.src.rpm 42356e924d6e6a1d5507c0951b5b5c78 perl-add-5.005_03-6.i386.rpm 49ab8a7f2e3a9f96f51ade1510405331 perl-examples-5.005_03-6.i386.rpm 2ec837db5f8bf0af5610748e2a7793a2 perl-man-5.005_03-6.i386.rpm 64cc98b972e8f9297933ac74fd547386 perl-pod-5.005_03-6.i386.rpm 6.3 Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -Fhv perl-*.i386.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/support/security/index.html This security fix closes Caldera's internal Problem Report 7347. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5jtvO18sy83A/qfwRAjtyAJ99lp4/lcXN6kS6U4he6cY8Gl0dlACdGiDA SLbjCa/O3Icn0127HXoaqEg= =KR/d -----END PGP SIGNATURE-----