Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com scoannmod@xenitec.on.ca 


Do not reply to this mail. This security advisory is being sent from a
nonexistent address in order to avoid spam problems.  Caldera's
contact address for UNIX security issues is security-alert@caldera.com.


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: various scoadmin/sysadm subprograms have buffer overflows
Advisory number: 	CSSA-2001-SCO.25
Issue date: 		2001 October 11
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	Various programs that scoadmin and sysadmsh use have buffer
	overflows that could be used by a malicious user to gain
	privilege.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/usr/lib/sysadm/atcronsh
						/usr/lib/sysadm/auditsh
						/usr/lib/sysadm/authsh
						/usr/lib/sysadm/backupsh
						/usr/lib/sysadm/lpsh
						/usr/lib/sysadm/sysadm.menu
						/usr/lib/sysadm/termsh


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.25/


  4.2 Verification

	md5 checksums:
	
	baf6e1a57f8a86803362a5cf798883aa	sysadm.tar.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	( Note: if the sysadmsh subsystem is not installed, it is
	normal for some of the following mv commands to fail.)

	# uncompress /tmp/sysadm.tar.Z
	# for i in atcronsh auditsh authsh backupsh lpsh sysadm.menu termsh
	> do
	> mv /usr/lib/sysadm/$i /usr/lib/sysadm/${i}-
	> chmod 0 /usr/lib/sysadm/${i}-
	> done
	# cd /
	# tar xvf /tmp/sysadm.tar


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr849820, SCO-559-1295 and erg711790.

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Caldera International wishes to thank KF <dotslash@snosoft.com>
        for discovering and reporting this problem.

	 
___________________________________________________________________________

PGP signature

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux