Warning: Local root hole in UUCP

A quick warning to anyone who isn't keeping track of such things: Many unix systems have a UUCP-related root hole. In particular, any system which runs UUCP-owned binaries as root (which commonly occurs via cron jobs running uustat) is likely to be vulnerable. So far this is known to include OpenBSD 2.8 and FreeBSD 4.3, and lesser problems have been demonstrated on various linuxes (although it is quite possible that root exploits exist for those as well).

The original Bugtraq post is here.

The workaround, at least until a proper solution is developed, is to disable UUCP; exact details will vary but

Code: 
find / -user uucp -type f -exec chmod a-x {} ';'
should work on most systems.

 

 

 

 

Top