To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: xterms in saved CDE sessions
Advisory number: CSSA-2001-SCO.37
Issue date: 2001 December 5
Cross reference:
___________________________________________________________________________
1. Problem Description
In UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in previous
desktop sessions can acquire privileges they should not have in
subsequent sessions.
In UnixWare 7.1.x, xterms saved in previous desktop sessions do
not honor the value of the LD_LIBRARY_PATH environment variable.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 7.1.x /usr/dt/bin/dtsession
Open UNIX 8.0.0 /usr/dt/bin/dtsession
3. Workaround
None.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.37/
4.2 Verification
md5 checksums:
eb52ca9bcb98ada422002594e6654ff0 erg711820.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711820.Z
# pkgadd -d /tmp/erg711820
5. References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr848309, fz51679, and erg711820.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
___________________________________________________________________________
PGP signature
