TUCoPS :: SCO :: cs2sco06.txt

Open UNIX, UnixWare 7: webtop setuid script vulnerability - Caldera Advisory CSSA-2002-SCO.6

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open UNIX, UnixWare 7: webtop setuid script vulnerability
Advisory number:        CSSA-2002-SCO.6
Issue date:             2002 February 21
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        The setuid scripts in the webtop product may be used to gain
        root privileges.


2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare 7              7.1.1
/opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

/opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi
        Open UNIX               8.0.0
/opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

/opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi

3. Workaround

        If the webtop functionality is not needed, remove the setuid
        permissions from the scripts:

        # chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi
        # chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/


  4.2 Verification

        MD5 (erg711951b.Z) = 53a0eb6dfe4bc1b1d8361ef1c5b488a6

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download erg711951b.Z to the /tmp directory

        # uncompress /tmp/erg711951b.Z
        # pkgadd -d /tmp/erg711951b


5. References

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This  advisory addresses Caldera Security  internal  incidents
        sr859215, fz519942, erg711951.


6. Disclaimer

        Caldera International, Inc. is not responsible for  the misuse
        of  any of  the  information we provide on our  website and/or
        through our security advisories.  Our advisories are a service
        to our  customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Caldera   would    like   to   thank   jggm   JeGalGhongMyeung
        <jggm@mail.com>  for  the  discovery  and  research   of  this
        vulnerability.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH