Vulnerabilities > CVE-2001-0873 - Unspecified vulnerability in IAN Lance Taylor Uucp 1.0.6
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Taylor UUCP 1.0.6 Argument Handling Privilege Elevation Vulnerability. CVE-2001-0873. Local exploit for unix platform |
| id | EDB-ID:21106 |
| last seen | 2016-02-02 |
| modified | 2001-09-08 |
| published | 2001-09-08 |
| reporter | zen-parse |
| source | https://www.exploit-db.com/download/21106/ |
| title | Taylor UUCP 1.0.6 - Argument Handling Privilege Elevation Vulnerability |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-079.NASL |
| description | Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by the uucp uid, which effectively means that a local user can completely subvert the UUCP subsystem, including stealing mail, etc. If a remote user with UUCP access is able to create files on the local system, and can successfully make certain guesses about the local directory structure layout, then the remote user can also subvert the UUCP system. A default installation of UUCP will permit a remote user to create files on the local system if the UUCP public directory has been created with world write permissions. Obviously this security hole is serious for anybody who uses UUCP on a multi-user system with untrusted users, or anybody who uses UUCP and permits connections from untrusted remote systems. It was thought that this problem has been fixed with DSA 079-1, but that didn |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14916 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14916 |
| title | Debian DSA-079-2 : uucp - uucp uid/gid access |
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
- http://marc.info/?l=bugtraq&m=100715446131820
- http://rhn.redhat.com/errata/RHSA-2001-165.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
- http://www.debian.org/security/2001/dsa-079
- http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html
- http://www.securityfocus.com/archive/1/212892
- http://www.securityfocus.com/bid/3312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7099