Bugtraq mailing list archives

Security Update: [CSSA-2001-SCO.24] OpenServer: shell here-documents allow various security breaches


From: sco-security () caldera com
Date: Tue, 9 Oct 2001 10:55:26 -0700

To: bugtraq () securityfocus com security-announce () lists securityportal com announce () lists caldera com scoannmod () xenitec on ca



Do not reply to this mail. This security advisory is being sent from a
nonexistent address in order to avoid spam problems.  Caldera's
contact address for UNIX security issues is security-alert () caldera com.


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: shell here-documents allow various security breaches
Advisory number:        CSSA-2001-SCO.24
Issue date:             2001 October 9
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        Here-document (<<) processing in the shells listed below is
        vulnerable to a variety of security attacks.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       /bin/sh
                                                /sbin/sh
                                                /bin/csh
                                                /bin/ksh
                                                /usr/bin/euc/ksh
                                                /usr/lib/scosh/utilbin/oash


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/


  4.2 Verification

        md5 checksums:
        
        76a2c883b71361ebb1180169e849734b        shells.tar.Z

        md5 is available for download from

                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/shells.tar.Z
        # for i in /bin/csh /bin/ksh /bin/sh /sbin/sh /usr/bin/euc/ksh /usr/lib/scosh/utilbin/oash
        > do
        > mv $i ${i}-
        > done
        # cd /
        # tar xvf /tmp/shells.tar
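
        The procedure in 4.2 and 4.3, as an added example that is not part of
        the Caldera advisory: it checks shells.tar.Z against the advisory's md5
        sum before anything is touched, renames the six affected shells to
        <path>- exactly as above, unpacks the fixed ones, and restores the
        backups if extraction fails. The install and rollback steps take a root
        directory as a parameter so the whole sequence can be rehearsed in a
        scratch tree before it is run against /. Assumed, not taken from the
        advisory: the archive sits at /tmp/shells.tar.Z, a digest tool is
        present (md5sum, or the md5 tool from the Caldera tools directory, which
        is assumed to print the hash as its last field), and the real run is
        only performed when CSSA_INSTALL=1 is set.

```shell
#!/bin/sh
# Added example (not part of the Caldera advisory): verify shells.tar.Z
# against the advisory's md5 sum, back up the six affected shells, unpack
# the fixed ones, and roll back if anything goes wrong.
# Assumptions: the archive was fetched to /tmp/shells.tar.Z as in section
# 4.3; a digest tool is present, either md5sum (prints "<hash>  <file>")
# or the md5 tool from ftp://stage.caldera.com/pub/security/tools/ (assumed
# to print the hash as the last field, like the RSA reference md5).

EXPECTED_MD5=76a2c883b71361ebb1180169e849734b      # from section 4.2
SHELLS="/bin/csh /bin/ksh /bin/sh /sbin/sh /usr/bin/euc/ksh /usr/lib/scosh/utilbin/oash"

# md5_of FILE: print the hex md5 digest of FILE; status 2 if no tool is found.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{ print $NF }'
    else
        return 2
    fi
}

# check_archive FILE EXPECTED: status 0 only if FILE's digest equals EXPECTED.
check_archive() {
    actual=$(md5_of "$1") || return 2
    [ "$actual" = "$2" ]
}

# install_shells ROOT TARBALL: rename each affected shell under ROOT to
# <path>- (the advisory's backup convention), then unpack the already
# uncompressed TARBALL from ROOT.  ROOT is a parameter so the procedure can
# be rehearsed in a scratch directory before it is pointed at /.
install_shells() {
    root=${1%/}
    tarball=$2
    for i in $SHELLS; do
        if [ -f "${root}${i}" ]; then
            mv "${root}${i}" "${root}${i}-" || return 1
        fi
    done
    # Subshell keeps the caller's cwd; tar member paths are relative to ROOT.
    (cd "${root:-/}" && tar xf "$tarball")
}

# rollback_shells ROOT: put back the <path>- copies left by install_shells.
rollback_shells() {
    root=${1%/}
    for i in $SHELLS; do
        if [ -f "${root}${i}-" ]; then
            mv "${root}${i}-" "${root}${i}" || return 1
        fi
    done
    return 0
}

# Real run only when explicitly requested, so the file can be sourced for a
# rehearsal first.  The interactive shell keeps working after /bin/sh is
# renamed because its binary is already mapped, but do not log out until the
# new shells have been exercised.
if [ "${CSSA_INSTALL:-0}" = 1 ]; then
    if ! check_archive /tmp/shells.tar.Z "$EXPECTED_MD5"; then
        echo "shells.tar.Z: md5 check failed, refusing to install" >&2
        exit 1
    fi
    uncompress /tmp/shells.tar.Z          # leaves /tmp/shells.tar behind
    if ! install_shells / /tmp/shells.tar; then
        echo "extraction failed, restoring original shells" >&2
        rollback_shells /
        exit 1
    fi
    # Smoke test the replacement before trusting it for the next login.
    /bin/sh -c 'echo "new /bin/sh runs"' || { rollback_shells /; exit 1; }
fi
```

        Rehearse with a scratch root (mkdir a tree containing copies of the
        six shells, run install_shells and rollback_shells against it) before
        setting CSSA_INSTALL=1; on the live system, keep a root shell open
        throughout and confirm /bin/sh and /bin/ksh start cleanly before
        logging out, since a failed extraction after the mv loop would
        otherwise leave the machine without a login shell.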

5. References

        http://www.kb.cert.org/vuls/id/10277

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incident
        sr847825.

6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        The original discoverer of this vulnerability was Gordon Irlam
        of the University of Adelaide, Australia.

         
___________________________________________________________________________
