Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: DCE SPC library buffer overflow
Advisory number: 	CSSA-2001-SCO.30
Issue date: 		2001 November 6
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	The DCE SPC library is vulnerable to a network buffer overflow
	attack. This bug manifests itself in dtspcd.
	

2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/dt/lib/libDtSvc.so.1
	Open UNIX		8.0.0		/usr/dt/lib/libDtSvc.so.1


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/


  4.2 Verification

	md5 checksums:
	
	8d5c98f761dd68aa108794d8ed5c70f1	erg711881.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711881.Z
	# pkgadd -d /tmp/erg711881


5. References

	CERT / ISS draft advisory VU#172583

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854831, fz519245, and erg711881 


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers, intended to promote the secure installation
	and use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Chris
	Spencer of the ISS X-Force.

	 
___________________________________________________________________________
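
Added example, not part of Caldera's advisory: shell functions that run the commands from section 4.3 only when the downloaded archive matches the checksum published in section 4.2. It assumes md5sum or openssl is available on the host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate the advisory's install commands on its published MD5.
# Assumes md5sum or openssl is present; function names are hypothetical.

# Checksum published in section 4.2 of the advisory for erg711881.Z.
ADVISORY_MD5=8d5c98f761dd68aa108794d8ed5c70f1

# Print the lowercase MD5 of a file. Data goes in on stdin so the file
# name never appears in the tool output that gets parsed.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 -r < "$1" | cut -d' ' -f1
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# Return 0 only when file $1 hashes to the expected value $2.
verify_md5() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject a malformed expected value rather than comparing against it.
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{32}$' || return 2
    [ -r "$1" ] || return 2
    got=$(file_md5 "$1") || return 2
    [ "$got" = "$want" ]
}

# Run the advisory's two commands only after the archive verifies.
# $1 = path to the .Z archive, $2 = expected MD5 (defaults to ADVISORY_MD5).
install_fix() {
    archive=$1
    expected=${2:-$ADVISORY_MD5}
    if ! verify_md5 "$archive" "$expected"; then
        echo "checksum mismatch for $archive, not installing" >&2
        return 1
    fi
    uncompress "$archive" && pkgadd -d "${archive%.Z}"
}
```

Call it as `install_fix /tmp/erg711881.Z` after sourcing the file as root; a truncated or altered download leaves the system untouched.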

PGP signature

