From security@caldera.com Sat Dec 8 12:02:21 2001 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca Date: Fri, 7 Dec 2001 10:31:02 -0800 Subject: Security Update: [CSSA-2001-SCO.38] OpenServer: lpstat buffer overflow To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: lpstat buffer overflow Advisory number: CSSA-2001-SCO.38 Issue date: 2001 December 7 Cross reference: sse072 ___________________________________________________________________________ 1. Problem Description Even with sse072, lpstat has a buffer overflow. This could be used by a malicious user to gain privileges. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer <= 5.0.6a /usr/bin/lpstat 3. Workaround If the lpstat command is not required, remove the setgid bit from the binary: chmod g-s /usr/bin/lpstat 4. OpenServer 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.38/ 4.2 Verification md5 checksums: 2deab6d340bb3790104fa0cb8ae36e6c erg711871.pkg.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711871.pkg.Z # pkgadd -d /tmp/erg711871.pkg 5. References This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr854294, SCO-559-1315, erg711871. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. ___________________________________________________________________________ [Part 2, Application/PGP-SIGNATURE 245bytes] [Unable to print this part]