Vulnerability Note VU#971179

UUCP package contains multiple buffer overflows via long string of characters sent as command line argument

Original Release date: 25 Sep 2001 | Last revised: 31 Oct 2001

Overview

Several Linux/Unix systems ship with a utility package called UUCP derived from System V. A buffer overflow in components of the UUCP package can allow an intruder to gain elevated privileges.

Description

Several Linux/Unix systems ship with a utility package called UUCP derived from System V. The UUCP package allows for the copying of files between different UNIX systems and the sending of commands for execution on a remote system. There is a buffer overflow in the components listed below that can allow a malicious user to gain elevated privileges.

uucp
uuxcmd
uux
uuxqt
bnuconvert
uucico
uustat

Impact

An intruder can gain elevated privileges.

Solution

Upgrade to the version of UUCP specified by your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
SCOAffected-25 Sep 2001
AppleNot Affected-26 Sep 2001
CrayNot Affected-15 Oct 2001
FujitsuNot Affected-31 Oct 2001
IBMNot Affected-26 Sep 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was originally reported in a Caldera-SCO security advisory .

This document was written by Jason Rafail.

Other Information

  • CVE IDs: Unknown
  • Date Public: 27 Jun 2001
  • Date First Published: 25 Sep 2001
  • Date Last Updated: 31 Oct 2001
  • Severity Metric: 8.91
  • Document Revision: 20

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.