Rapid7 Vulnerability & Exploit Database

RHSA-2001:165: The uuxqt utility can be used to execute arbitrary commands as uucp.uucp

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/21/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

This is a re-release of a prior uucp exploit errata which also prevents unique substrings being used with long options. uuxqt, in the Taylor UUCP package, does not properly remove dangerous long options. These long options allow local users to gain uid and gid uucp privileges by calling uux and specifying an alternate configuration file with the --config option.

Please note, Red Hat Linux 7.2 is vulnerable to this bug. Additionally, Red Hat Linux 7.2 uses a different locking scheme than prior versions and the 7.2 packages should not be applied to Red Hat Linux 7.0 or 7.1 systems. Use the relevant packages from this errata instead. Conversely, the 7.1 packages from this errata should not be applied to a Red Hat Linux 7.2 system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0873 to this issue.
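
The long-option abbreviation issue described above, as an added example (not code from Red Hat or the Taylor UUCP package): GNU-style getopt_long() parsers accept any unambiguous prefix of a long option, so a filter has to reject prefixes of a dangerous option as well as its full spelling. The function names, the one-entry deny list and the sample argument vectors are assumptions made for illustration; only --config comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Long options a command executor must never accept from a queued request.
 * "config" is the option named in the advisory; the list is an assumption. */
static const char *const denied_long[] = { "config", NULL };

/* Return 1 if arg is "--name" or "--name=value" where name is a non-empty
 * prefix of a denied option. getopt_long() accepts unambiguous
 * abbreviations, so comparing against the full spelling only is not enough. */
int is_denied_long_option(const char *arg)
{
    if (strncmp(arg, "--", 2) != 0)
        return 0;
    const char *name = arg + 2;
    size_t len = strcspn(name, "=");      /* name ends at '=' or end of string */
    if (len == 0)
        return 0;                         /* bare "--" only ends option parsing */
    for (size_t i = 0; denied_long[i] != NULL; i++)
        if (len <= strlen(denied_long[i]) &&
            strncmp(name, denied_long[i], len) == 0)
            return 1;
    return 0;
}

/* Return the index of the first denied option in argv, or -1 if none.
 * Scanning stops at "--", after which arguments are operands. */
int first_denied_index(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0)
            break;
        if (is_denied_long_option(argv[i]))
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample argument vectors, not taken from a real request. */
    char *const exact[]  = { "uux", "--config", "/tmp/x", NULL };
    char *const abbrev[] = { "uux", "--conf=/tmp/x", NULL };
    char *const benign[] = { "uux", "-r", "--", "--config", NULL };
    printf("%d %d %d\n", first_denied_index(3, exact),
           first_denied_index(2, abbrev), first_denied_index(4, benign));
    return 0;
}
```

The check is deliberately conservative: it rejects every prefix of a denied option, including ones a parser would treat as ambiguous.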

Solution(s)

  • redhat-upgrade-uucp
