From security@caldera.com Thu May 30 14:13:09 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca Date: Tue, 28 May 2002 16:07:42 -0700 Subject: Security Update: [CSSA-2002-SCO.22] OpenServer 5.0.5 OpenServer 5.0.6 : scoadmin command creates temporary files insecurely To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer 5.0.5 OpenServer 5.0.6 : scoadmin command creates temporary files insecurely Advisory number: CSSA-2002-SCO.22 Issue date: 2002 May 28 Cross reference: ______________________________________________________________________________ 1. Problem Description The scoadmin command creates and uses temporary files insecurely. Names can be predicted, and spoofed with symbolic links. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.5 /etc/sysadm.d/lib/sysadm.tlib /etc/sysadm.d/lib/sysadm.tndx OpenServer 5.0.6 /etc/sysadm.d/lib/sysadm.tlib /etc/sysadm.d/lib/sysadm.tndx 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.5 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22 4.2 Verification MD5 (VOL.000.000) = 814cc4af8e653baf220f2a94b23ff741 md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: 1) Download the VOL* files to the /tmp directory Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 5.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22 5.2 Verification MD5 (VOL.000.000) = 814cc4af8e653baf220f2a94b23ff741 md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: 1) Download the VOL* files to the /tmp directory Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: none Caldera UNIX security resources: http://stage.caldera.com/support/security/ Caldera OpenLinux security resources: http://www.caldera.com/support/security/index.html This security fix closes Caldera incidents sr847944, SCO-1-233, erg711739. 7. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products. 8. Acknowledgements Kevin Finisterre (dotslash@snosoft.com) discovered and researched this vulnerability. ______________________________________________________________________________ [Part 2, Application/PGP-SIGNATURE 245bytes] [Unable to print this part]