To: bugtraqat_private announceat_private scoannmodat_private ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: /bin/login and /etc/getty argument buffer overflow Advisory number: CSSA-2001-SCO.40 Issue date: 2001 December 14 Cross reference: ___________________________________________________________________________ 1. Problem Description A remotely exploitable buffer overflow exists in /bin/login and /etc/getty. Attackers can exploit this vulnerability to gain root access to the server. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer <= 5.0.6a /bin/login /etc/getty 3. Workaround None. 4. OpenServer 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/ erg711877.506.tar.Z is the patch for SCO OpenServer Release 5.0.6, with or without Release Supplement 5.0.6a (rs506a). Note that other security issues are corrected by rs506a; we strongly recommend installing it on all 5.0.6 systems. erg711877.505.tar.Z is the patch for SCO OpenServer Release 5.0.5 and earlier. Although it should work with all releases 5.0.0 through 5.0.5, it has not yet been tested on every release. 4.2 Verification md5 checksums: e1748ebb4710796620c15017e52eecc0 erg711877.505.tar.Z 627a41d22040872f967cb5387c7e629c erg711877.506.tar.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: For 5.0.6 and 5.0.6a: Download erg711877.506.tar.Z to the /tmp directory # mv /bin/login /bin/login- # mv /etc/getty /etc/getty- # chmod 0 /bin/login- /etc/getty- # uncompress erg711877.506.tar.Z # cd / # tar xvf /tmp/erg711877.506.tar For pre-5.0.6: Download erg711877.505.tar.Z to the /tmp directory # mv /bin/login /bin/login- # mv /etc/getty /etc/getty- # chmod 0 /bin/login- /etc/getty- # uncompress erg711877.505.tar.Z # cd / # tar xvf /tmp/erg711877.505.tar 5. References http://www.cert.org/advisories/CA-2001-34.html http://www.kb.cert.org/vuls/id/569272 http://xforce.iss.net/alerts/advise105.php This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr854610, SCO-559-1318, erg711877. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements This vulnerability was discovered and researched by Mark Dowd of the ISS X-Force. ___________________________________________________________________________
This archive was generated by hypermail 2b30 : Fri Dec 14 2001 - 14:32:37 PST