Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely

From: security () caldera com
Date: Thu, 24 Jan 2002 15:59:49 -0800
To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open UNIX, UnixWare 7: sort creates temporary files insecurely
Advisory number:        CSSA-2002-SCO.2
Issue date:             2002 January 24
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        The sort command created temporary files in an insecure
        manner. This could be used by an unauthorized user to gain
        privilege.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare 7              7.1.*           /usr/bin/sort
        Open UNIX               8.0.0           /usr/bin/sort


3. Workaround

        None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/


  4.2 Verification

        MD5 (erg711766.Z) = 7e640423400147d3c1c905c1ad0cfe23


        md5 is available for download from

                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download erg711766.Z to the /tmp directory

        # uncompress /tmp/erg711766.Z
        # pkgadd -d /tmp/erg711766


5. References

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr848816, fz518198, erg711766.


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.

         
___________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: