REVISION: Security Update: [CSSA-2001-SCO.24.1] OpenServer: shell here-documents allow various security breaches

From: securityat_private
Date: Tue Dec 04 2001 - 12:37:51 PST

Next message: Information Anarchy 2K01: "NMRC Advisory - Multiple Valicert Problems"

Previous message: Jose Nazario: "security issue with lpd (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private scoannmodat_private

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		REVISION: OpenServer: shell here-documents allow various security breaches
Advisory number: 	CSSA-2001-SCO.24.1
Issue date: 		2001 December 4
Cross reference:	CSSA-2001-SCO.24
___________________________________________________________________________


1. Problem Description
	
	*************************************************************
	The original binaries supplied to fix this vulnerability were
	flawed, exhibiting a variety of unusual behaviors. If you have
	already applied CSSA-2001-SCO.24, Caldera recommends that you
	immediately apply this new version, CSSA-2001-SCO.24.1.
	*************************************************************	

	Shell here-document processing is vulnerable to a variety of
	security attacks.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/bin/sh
						/sbin/sh
						/bin/csh
						/bin/ksh
						/usr/bin/euc/ksh
						/usr/lib/scosh/utilbin/oash

3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/


  4.2 Verification

	md5 checksums:
	
	05a3f8b4a00f806f919d0dd723d2b2db	shells.tar.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/shells.tar.Z
	# for i in /bin/csh /bin/ksh /bin/sh /sbin/sh /usr/bin/euc/ksh /usr/lib/scosh/utilbin/oash
	> do
	> mv $i ${i}-
	> done
	# cd /
	# tar xvf /tmp/shells.tar

5. References

	http://www.kb.cert.org/vuls/id/10277

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr847825, erg711733.

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	The original discoverer of this vulnerability was Gordon Irlam
	of the Univeristy of Adelaide, Australia.

	 
___________________________________________________________________________

application/pgp-signature attachment: stored

Next message: Information Anarchy 2K01: "NMRC Advisory - Multiple Valicert Problems"
Previous message: Jose Nazario: "security issue with lpd (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 13:12:05 PST