Contributed by webmaster on from the security dept.
Due to incorrect argument handling in a component of the Taylor UUCP package, it is possible for local users to gain uid/gid uucp.A Patch has also been released for systems running 2.8.
This may allow further elevation, depending on the system, up to and including root access.
On OpenBSD 2.8 (and probably others) it allows root compromise. By overwriting the uucp owned program /usr/bin/uustat, arbitrary commands may be executed as part of the /etc/daily crontab script.
On Redhat 7.0 (and probably others) it allows creation of empty files as root, and the ability to execute commands as if logged in at the console (as checked via /lib/security/pam_console.so). This may also allow further elevation of privileges, or denial of service. (Tested against uucp-1.06.1-25)
Other systems running this package are also affected to a greater or lesser degree.
(Comments are closed)