Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities
From: security () caldera com
Date: Tue, 29 Oct 2002 12:18:14 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com


______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: bzip2 file creation and symbolic link vulnerabilities 
Advisory number:        CSSA-2002-039.0
Issue date:             2002 October 29
Cross reference:
______________________________________________________________________________


1. Problem Description

        From the CVE Archives:

        bzip2 does not use the O_EXCL flag to create files during
        decompression and does not warn the user if an existing file
        would be overwritten, which could allow attackers to overwrite
        files via a bzip2 archive.

        bzip2 decompresses files with world-readable permissions
        before setting the permissions to what is specified in the
        bzip2 archive, which could allow local users to read the files
        as they are being decompressed.

        bzip2 uses the permissions of symbolic links instead of the
        actual files when creating an archive, which could cause the
        files to be extracted with less restrictive permissions than
        intended.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to bzip2-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to bzip2-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

        OpenLinux 3.1 Server            prior to bzip2-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-static-1.0.0-7MR.i386.rpm

        OpenLinux 3.1 Workstation       prior to bzip2-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-1.0.0-7MR.i386.rpm
                                        prior to bzip2-devel-static-1.0.0-7MR.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-039.0/RPMS

        4.2 Packages

        d54e80dafe3006f18d1d9498078f4bce        bzip2-1.0.0-7MR.i386.rpm
        7eb4a45c2aa65aafd69fd1ef047e1bfd        bzip2-devel-1.0.0-7MR.i386.rpm
        b4f91ed45d1e94b2547ce0950b0f49be        bzip2-devel-static-1.0.0-7MR.i386.rpm

        4.3 Installation

        rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-039.0/SRPMS

        4.5 Source Packages

        8174f956fc4fba3686900cf77ceabf44        bzip2-1.0.0-7MR.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-039.0/RPMS

        5.2 Packages

        e15555947c16f663962f38bae73ceb4a        bzip2-1.0.0-7MR.i386.rpm
        a1d3bf363951dddc3eb745d4b23e7513        bzip2-devel-1.0.0-7MR.i386.rpm
        19c8036ab3d61a96c0c09f0c08c78f3b        bzip2-devel-static-1.0.0-7MR.i386.rpm

        5.3 Installation

        rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-039.0/SRPMS

        5.5 Source Packages

        d428ed2e4ea3f3577c8ff7fa6d7be12e        bzip2-1.0.0-7MR.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-039.0/RPMS

        6.2 Packages

        525d5fe90e5b5aee993e46c665f51ab3        bzip2-1.0.0-7MR.i386.rpm
        ec675b025cbae2d59755ce84dc440478        bzip2-devel-1.0.0-7MR.i386.rpm
        4a82220ccec70af0a501cd3c1695a2bc        bzip2-devel-static-1.0.0-7MR.i386.rpm

        6.3 Installation

        rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-039.0/SRPMS

        6.5 Source Packages

        14622634fec6589268c083a375fa50e6        bzip2-1.0.0-7MR.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-039.0/RPMS

        7.2 Packages

        845b6f3c541e902c8a0737694a3e5e42        bzip2-1.0.0-7MR.i386.rpm
        f7e1a4fe5697067d4acd8f87309dc032        bzip2-devel-1.0.0-7MR.i386.rpm
        99e7937248d59ba576967c40469590d9        bzip2-devel-static-1.0.0-7MR.i386.rpm

        7.3 Installation

        rpm -Fvh bzip2-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-1.0.0-7MR.i386.rpm
        rpm -Fvh bzip2-devel-static-1.0.0-7MR.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-039.0/SRPMS

        7.5 Source Packages

        654e85390b806e357e881189b2968b2d        bzip2-1.0.0-7MR.src.rpm


8. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0759
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0760
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0761

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr864842, fz521049,
        erg712052.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        Volker Schmidt and Philippe Troin discovered and researched
        these vulnerabilities.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities security (Oct 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]