To: bugtraqat_private security-announceat_private announceat_private ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenUnix, UnixWare: su buffer overflow Advisory number: CSSA-2001-SCO.7 Issue date: 2001 July 24 Cross reference: ___________________________________________________________________________ 1. Problem Description Long values of the TERM variable can cause the su command to have a memory fault. This might be exploited by an unauthorized user to gain privileges. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 All /usr/bin/su /sbin/su OpenUnix 8 8.0.0 /usr/bin/su /sbin/su 3. Workaround None. 4. UnixWare 7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/security/unixware/sr849768/ 4.2 Verification md5 checksums: 1381b35641cce39556d9d8365a170821 erg711787a.Z md5 is available for download from ftp://ftp.sco.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711787a.Z # pkgadd -d /tmp/erg711787a 5. OpenUnix 8 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/security/openunix/sr849768/ 4.2 Verification md5 checksums: 1381b35641cce39556d9d8365a170821 erg711787a.Z md5 is available for download from ftp://ftp.sco.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711787a.Z # pkgadd -d /tmp/erg711787a 6. References http://www.calderasystems.com/support/security/index.html 7. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 8.Acknowledgements Caldera International wishes to thank KF<dotslashat_private> for reporting the problem. ___________________________________________________________________________
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 15:31:32 PDT