OpenBSD Journal

a Patches available for Taylor UUCP

Contributed by webmaster on from the security dept.

Patch 015 has been released for OpenBSD 2.9. This patch addresses a vulnerability discovered by zen-parse and posted to BUGTRAQ on September 8. Since errata.html hasn't been updated yet, I will quote from the original BUGTRAQ advisory :
Due to incorrect argument handling in a component of the Taylor UUCP package, it is possible for local users to gain uid/gid uucp.

This may allow further elevation, depending on the system, up to and including root access.

On OpenBSD 2.8 (and probably others) it allows root compromise. By overwriting the uucp owned program /usr/bin/uustat, arbitrary commands may be executed as part of the /etc/daily crontab script.

On Redhat 7.0 (and probably others) it allows creation of empty files as root, and the ability to execute commands as if logged in at the console (as checked via /lib/security/ This may also allow further elevation of privileges, or denial of service. (Tested against uucp-1.06.1-25)

Other systems running this package are also affected to a greater or lesser degree.

A Patch has also been released for systems running 2.8.

(Comments are closed)

  1. By The Late JC () on none

    Zen-parse is on and he lives in New Zealand. He likes Stabbing Westward.

  2. By Niekze () on

    The patch suggests replacing /etc/daily with /usr/src/src/daily. There is no /usr/src/src directory in my source tree. There is a usr/src/etc/daily which, when given a diff, yields changes that reflect uucp. So, it appears that it was a mistake. do a diff on /etc/daily and /usr/src/etc/daily and you will see that it appears to be the file that needs updating.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]