PT-2001-1004 · Red Hat+1

Published: 2001-04-17 · Updated: 2017-10-10 · CVE-2001-0873

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
uucp versions 1.06.1 and earlier
Taylor UUCP package (affected versions not specified)

Description
The issue affects the uucp package in the Debian GNU/Linux and Red Hat Linux operating systems and can lead to breaches of the confidentiality, integrity, and availability of protected information. A local attacker can exploit this issue. The flaw is in the uuxqt component of the Taylor UUCP package, which fails to properly remove dangerous long options. This allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Recommendations
For uucp version 1.06.1, consider restricting access to the uuxqt component until a patch is available. For the Taylor UUCP package, as a temporary workaround, consider disabling the use of uux with the --config option to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

BDU:2015-02543
BDU:2015-07837
CVE-2001-0873

Affected products

Debian
Red Hat