Brock, As far as I know UnixWare does not install any skunkware components during your standard system installation. The only way you would have gotten these components onto your system would be by installing the skunkware cd seperately. Would you mind double checking your system for skunkware? Also, when bug reporting, please make sure you have all of the latest fixes on your machine, which are available from www.sco.com/security. Note that we did implement a sticky directory patch some time ago that would have stopped the pis, mkpid bugs from working, along with others that involve trivial symlinks in sticky directories. Cheers, Aaron On 21 Jan 2000, Brock Tellier wrote: > Aaron Sigel <aaronsat_private> wrote: > > Greetings, > > > > Recent Bugtraq posts have exposed security holes with a couple > > packages distributed with SCO's Skunkware CD. These packages > > are: > > majordomo (wrapper, resend) > > orion (pis, mkpis) > > > > These issues are security holes in the distributed versions of these > > packages, and are not SCO security holes. > > No, I was doing a UnixWare audit, which, as far as I know, does not include > the Skunkware CD. Even if it does, I'm sure I didn't install it on top of the > normal UW CD install. If these applications are from the Skunkware distro and > were merely included on the UW installation CD's, the user is never notified > that they are installing "unsupported", possibly insecure software. From an > end-user perspective, it doesn't make any difference that these programs are > insecure but not written by SCO. > > Brock Tellier > UNIX Systems Administrator > Chicago, IL, USA > btellierat_private > > > ____________________________________________________________________ > Get free email and a permanent address at http://www.netaddress.com/?N=1 > -- Aaron Sigel, Secure Technologies Group, SCO - aaronsat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:41 PDT