Bugtraq mailing list archives
Re: Info on some security holes reported against SCO Unixware.
From: aarons () SCO COM (Aaron Sigel)
Date: Fri, 21 Jan 2000 18:44:36 +0000
Brock, As far as I know UnixWare does not install any skunkware components during your standard system installation. The only way you would have gotten these components onto your system would be by installing the skunkware cd seperately. Would you mind double checking your system for skunkware? Also, when bug reporting, please make sure you have all of the latest fixes on your machine, which are available from www.sco.com/security. Note that we did implement a sticky directory patch some time ago that would have stopped the pis, mkpid bugs from working, along with others that involve trivial symlinks in sticky directories. Cheers, Aaron On 21 Jan 2000, Brock Tellier wrote:
Aaron Sigel <aarons () SCO COM> wrote:Greetings, Recent Bugtraq posts have exposed security holes with a couple packages distributed with SCO's Skunkware CD. These packages are: majordomo (wrapper, resend) orion (pis, mkpis) These issues are security holes in the distributed versions of these packages, and are not SCO security holes.No, I was doing a UnixWare audit, which, as far as I know, does not include the Skunkware CD. Even if it does, I'm sure I didn't install it on top of the normal UW CD install. If these applications are from the Skunkware distro and were merely included on the UW installation CD's, the user is never notified that they are installing "unsupported", possibly insecure software. From an end-user perspective, it doesn't make any difference that these programs are insecure but not written by SCO. Brock Tellier UNIX Systems Administrator Chicago, IL, USA btellier () usa net ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
-- Aaron Sigel, Secure Technologies Group, SCO - aarons () sco com
Current thread:
- Re: Info on some security holes reported against SCO Unixware. Brock Tellier (Jan 21)
- Re: Info on some security holes reported against SCO Unixware. Aaron Sigel (Jan 21)