• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Taylor UUCP Argument Handling Privilege Elevation Vulnerability

Severity: MODERATE

Description:

Taylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor.

A problem has been discovered in the Taylor UUCP package that makes it possible for a local user to gain elevated privileges. The problem is in the improper checking of command line input, and acceptance of arbitrary configuration files.

uux is a program included with the Taylor UUCP package. uux, as implemented in the package, is designed to execute commands remotely on other UUCP hosts, such as rnews and rmail. This program is usually used to provide the mail and news distribution functionality in a UUCP network.

The problem occurs in handling of configuration files by uux when uucp is invoked within it. By executing uux, and using the uucp program within uux, and passing a malicious configuration file to uucp through the --config parameter, it is possible for a local user to execute commands on a local host with setuid privileges. The commands passed to uucp through the file specified in --config are usually executed by uuxqt, a daemon on the system that by default executes rnews and rmail. uuxqt is setuid uucp.

Therefore, a local user executing uux, and passing a malicious configuration file to uucp using the config flag, may gain privilege elevation to uucp, and potentially local root access when the configuration file is executed by uuxqt.

Affected Products:

• Caldera OpenLinux 2.3.0
• Caldera OpenLinux Server 3.1.0
• Caldera OpenLinux Workstation 3.1.0
• Conectiva Linux 5.0.0
• Conectiva Linux 5.1.0
• Conectiva Linux 6.0.0
• Conectiva Linux 7.0.0
• Conectiva Linux ecommerce
• Conectiva Linux graficas
• Ian Lance Taylor Taylor UUCP 1.0.6
• MandrakeSoft Corporate Server 1.0.1
• MandrakeSoft Linux Mandrake 7.1.0
• MandrakeSoft Linux Mandrake 7.2.0
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• OpenBSD OpenBSD 2.8.0
• RedHat Linux 6.2.0 alpha
• RedHat Linux 6.2.0 i386
• RedHat Linux 6.2.0 sparc
• RedHat Linux 7.0.0 alpha
• RedHat Linux 7.0.0 i386
• RedHat Linux 7.1.0 alpha
• RedHat Linux 7.1.0 i386
• RedHat Linux 7.1.0 ia64
• RedHat Linux 7.2.0 i386
• RedHat Linux 7.2.0 ia64
• S.u.S.E. Linux 6.3.0
• S.u.S.E. Linux 6.3.0 alpha
• S.u.S.E. Linux 6.4.0
• S.u.S.E. Linux 6.4.0 alpha
• S.u.S.E. Linux 6.4.0 ppc
• S.u.S.E. Linux 7.0.0
• S.u.S.E. Linux 7.0.0 alpha
• S.u.S.E. Linux 7.0.0 ppc
• S.u.S.E. Linux 7.0.0 sparc
• S.u.S.E. Linux 7.1.0 alpha
• S.u.S.E. Linux 7.1.0 ppc
• S.u.S.E. Linux 7.1.0 sparc
• S.u.S.E. Linux 7.1.0 x86
• S.u.S.E. Linux 7.2.0
• SCO eDesktop 2.4.0
• SCO eServer 2.3.1
• Slackware Linux 7.0.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.