Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2002-SCO.34] OpenServer 5.0.5 OpenServer 5.0.6 : uux status file name buffer overflow

From: security () caldera com
Date: Mon, 15 Jul 2002 17:06:03 -0700
To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                OpenServer 5.0.5 OpenServer 5.0.6 : uux status file name buffer overflow
Advisory number:        CSSA-2002-SCO.34
Issue date:             2002 July 15
Cross reference:
______________________________________________________________________________


1. Problem Description

        A very long status file name given to the uux program would
        cause it to memory fault. This could be used by a malicious
        local user to gain privilege.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.5                /usr/bin/uux
        OpenServer 5.0.6                /usr/bin/uux


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.5

        4.1 Location of Fixed Binaries

        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.34


        4.2 Verification

        MD5 (VOL.000.000) = 77bd1623ed1d220f976736124b743fc7

        md5 is available for download from
                ftp://ftp.caldera.com/pub/security/tools


        4.3 Installing Fixed Binaries

                Upgrade the affected binaries with the following commands:

        1) Download the VOL* files to the /tmp directory

        Run the custom command, specify an install from media images,
        and specify the /tmp directory as the location of the images.


5. OpenServer 5.0.6

        5.1 Location of Fixed Binaries

        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.34


        5.2 Verification

        MD5 (VOL.000.000) = 77bd1623ed1d220f976736124b743fc7

        md5 is available for download from
                ftp://ftp.caldera.com/pub/security/tools


        5.3 Installing Fixed Binaries

                Upgrade the affected binaries with the following commands:

        1) Download the VOL* files to the /tmp directory

        Run the custom command, specify an install from media images,
        and specify the /tmp directory as the location of the images.


6. References

        Specific references for this advisory:
                none

        Caldera security resources:
                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr865287, fz521102,
        erg712066.


7. Disclaimer

        Caldera International, Inc. is not responsible for the
        misuse of any of the information we provide on this website
        and/or through our security advisories. Our advisories are
        a service to our customers intended to promote secure
        installation and use of Caldera products.


8. Acknowledgements

        KF <dotslash () snosoft com> discovered and researched this
        vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: