-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: sperl vulnerability
Advisory number: CSSA-2000-026.0
Issue date: 2000 August, 7
Cross reference:
______________________________________________________________________________
1. Problem Description
sperl is a setuid copy of the perl interpreter that can be
used to execute perl scripts with the privilege of the
file''s owner. In order to be able to do so, sperl must
be setuid root.
When sperl detects that an attacker is trying to spoof it,
it sends a mail message to the super user account using /bin/mail.
By exploiting a flaw in the way sperl interacts with /bin/mail,
any local user is able to obtain root privilege on the local
machine.
An exploit for this vulnerability has been published widely.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 not vulnerable
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder perl-5.005_03-6S
OpenLinux eDesktop 2.4 All packages previous to
perl-5.005_03-6
3. Solution
Workaround:
none
We recommend our users to upgrade to the new packages.
4. OpenLinux Desktop 2.3
not vulnerable
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera''s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
55bf850e54e8ddd91a00f67b528d831d perl-5.005_03-6S.i386.rpm
bf1f56c565c512a8dbf970d04304d22c perl-5.005_03-6S.src.rpm
76f2238063b94983591ae10ad3715eb3 perl-add-5.005_03-6S.i386.rpm
94bc4d6e0963391c4d100e8d2a2c73d1 perl-examples-5.005_03-6S.i386.rpm
eca239c5b0c9cb7cc98d4254304a6e3d perl-man-5.005_03-6S.i386.rpm
18c76ed983ff45fd8dc5442cee2e6f4e perl-pod-5.005_03-6S.i386.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv perl-*.i386.rpm
Please ignore the "directory not empty" messages
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera''s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
7542698bece734cccc30c8ef83c5af87 perl-5.005_03-6.i386.rpm
0b6e1a7e1615a5400e07c10cfd924203 perl-5.005_03-6.src.rpm
42356e924d6e6a1d5507c0951b5b5c78 perl-add-5.005_03-6.i386.rpm
49ab8a7f2e3a9f96f51ade1510405331 perl-examples-5.005_03-6.i386.rpm
2ec837db5f8bf0af5610748e2a7793a2 perl-man-5.005_03-6.i386.rpm
64cc98b972e8f9297933ac74fd547386 perl-pod-5.005_03-6.i386.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv perl-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera''s internal Problem Report 7347.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5jtvO18sy83A/qfwRAjtyAJ99lp4/lcXN6kS6U4he6cY8Gl0dlACdGiDA
SLbjCa/O3Icn0127HXoaqEg=KR/d
-----END PGP SIGNATURE-----
