{"vuid":"VU#798263","idnumber":"798263","name":"Taylor UUCP Package fails to properly filter command line arguments","keywords":["uucp","uux","uuxqt","unix to unix copy","linux","input validation"],"overview":"Several Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp, usually root.","clean_desc":"A component of the UUCP package, uuxqt, is a daemon  that executes commands requested by uux either from the local system or from remote  systems. Before executing the command, uuxqt is supposed to filter dangerous command arguments. It fails to properly filter command line arguments that are specified in their long format. This can allow an intruder to gain elevated privileges and execute commands.","impact":"An intruder can gain elevated privileges and execute commands.","resolution":"Apply the patches and upgrades provided by your vendor.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by zen-parse.","author":"This document was written by Jason Rafail.","public":["http://www.securityfocus.com/bid/3312","http://www.redhat.com/support/errata/RHSA-2001-165.html","http://www.suse.de/de/support/security/2001_038_uucp_txt.txt","http://www.caldera.com/support/security/advisories/CSSA-2001-033.0.txt","http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-078.php3?dis=8.0","http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425","http://archives.neohapsis.com/archives/bugtraq/2001-09/0053.html"],"cveids":["CVE-2001-0873"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-09-25T17:24:34Z","publicdate":"2001-09-08T00:00:00Z","datefirstpublished":"2001-09-25T19:36:00Z","dateupdated":"2002-02-08T16:09:26Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"20","cam_attackeraccessrequired":"12","cam_scorecurrent":"21.375","cam_scorecurrentwidelyknown":"21.375","cam_scorecurrentwidelyknownexploited":"38.475","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":21.375,"vulnote":null}