Security Update: [CSSA-2001-SCO.7] OpenUnix, UnixWare: su buffer overflow

From: sco-securityat_private
Date: Tue Jul 24 2001 - 15:12:00 PDT

Next message: Kris Kennaway: "Re: multiple vendor telnet daemon vulnerability"

Previous message: Aaron Silver: "Re: telnetd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private security-announceat_private announceat_private

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenUnix, UnixWare: su buffer overflow
Advisory number: 	CSSA-2001-SCO.7
Issue date: 		2001 July 24
Cross reference:
___________________________________________________________________________



1. Problem Description
	
	Long values of the TERM variable can cause the su command to
	have a memory fault. This might be exploited by an
	unauthorized user to gain privileges.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/bin/su
						/sbin/su
	OpenUnix 8		8.0.0		/usr/bin/su
						/sbin/su


3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/unixware/sr849768/


  4.2 Verification

	md5 checksums:
	
	1381b35641cce39556d9d8365a170821	erg711787a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711787a.Z
	# pkgadd -d /tmp/erg711787a


5. OpenUnix 8

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/openunix/sr849768/


  4.2 Verification

	md5 checksums:
	
	1381b35641cce39556d9d8365a170821	erg711787a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:


	# uncompress /tmp/erg711787a.Z
	# pkgadd -d /tmp/erg711787a


6. References

	http://www.calderasystems.com/support/security/index.html


7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


8.Acknowledgements

	Caldera International wishes to thank KF<dotslashat_private>
	for reporting the problem.
	 
___________________________________________________________________________

application/pgp-signature attachment: stored

Next message: Kris Kennaway: "Re: multiple vendor telnet daemon vulnerability"
Previous message: Aaron Silver: "Re: telnetd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 15:31:32 PDT