Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Discontinued :: cs2018-1.txt

Race condition in fileutils (Revised) - Caldera Advisory CSSA-2002-018.1




To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: REVISED: Race condition in fileutils
Advisory number: 	CSSA-2002-018.1
Issue date: 		2002 May 13
Cross reference:
______________________________________________________________________________


1. Problem Description

	A race condition in various utilities from the GNU fileutils
	package may cause a root user to delete the whole filesystem.

	This updates resolves a problem in the original fix that would
	cause an attempt to recursively remove a directory with
	trailing slashes to memory fault.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1 Server		prior to fileutils-4.1-5.i386.rpm

	OpenLinux 3.1 Workstation	prior to fileutils-4.1-5.i386.rpm


3. Solution

	The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

4.2 Packages

	d01d42d41800d0b9c1d02c4fec07a79d	fileutils-4.1-5.i386.rpm

	4.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

4.5 Source Packages

	ccb5269147321f8db75cf6f4758161bd	fileutils-4.1-5.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS

5.2 Packages

	993d932af015edb5ad6e4d70db171492	fileutils-4.1-5.i386.rpm

	5.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS

5.5 Source Packages

	ccb5269147321f8db75cf6f4758161bd	fileutils-4.1-5.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

6.2 Packages

	79671c826786c29d2849fe14de4f79f1	fileutils-4.1-5.i386.rpm

	6.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

6.5 Source Packages

	238ad9663d26b196eea92874a96b1c53	fileutils-4.1-5.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

7.2 Packages

	79671c826786c29d2849fe14de4f79f1	fileutils-4.1-5.i386.rpm

	7.3 Installation

	rpm -Fvh fileutils-4.1-5.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS

7.5 Source Packages

	01a126030929e44c83a473ee662fecb9	fileutils-4.1-5.src.rpm


8. References

	Specific references for this advisory:

		http://mail.gnu.org/pipermail/bug-fileutils/2002-March/002440.html
http://isec.pl/vulnerabilities/0002.txt

Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

This security fix closes Caldera incidents sr862917, fz520627,
	erg712018.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	Caldera would like to thank Vincent Danen at Mandrake
	for alerting us to the problems with the original fix.

	Wojciech Purczynski (iSEC Security Research, http://isec.pl)
	reported this vulnerability.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH