To: bugtraqat_private announceat_private scoannmodat_private ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Open UNIX, UnixWare 7: xterms in saved CDE sessions Advisory number: CSSA-2001-SCO.37 Issue date: 2001 December 5 Cross reference: ___________________________________________________________________________ 1. Problem Description In UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in previous desktop sessions can acquire privileges they should not have in subsequent sessions. In UnixWare 7.1.x, xterms saved in previous desktop sessions do not honor the value of the LD_LIBRARY_PATH environment variable. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 7.1.x /usr/dt/bin/dtsession Open UNIX 8.0.0 /usr/dt/bin/dtsession 3. Workaround None. 4. UnixWare 7, Open UNIX 8 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.37/ 4.2 Verification md5 checksums: eb52ca9bcb98ada422002594e6654ff0 erg711820.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711820.Z # pkgadd -d /tmp/erg711820 5. References This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr848309, fz51679, and erg711820. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. ___________________________________________________________________________
This archive was generated by hypermail 2b30 : Thu Dec 06 2001 - 12:01:01 PST