-----BEGIN PGP SIGNED MESSAGE----- =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Rene Ritzen Index : S-96-29 Distribution : World Page : 1 Classification: External Version: 1 Subject : Vendor Initiated Bulletin: SCO kernel sec. Date : 12-jun-96 =============================================================================== By courtesy of the CERT Coordination Center we received information on a vulnerability in the kernel security of some SCO products. The Santa Cruz Operation urges you to act on this information as soon as possible. Santa Cruz Operation contact information is included in the forwarded text below; please contact them if you have any questions or need further information. CERT-NL recommends to implement the provided patch. =========================================================================== SCO Security Bulletin 96:001 June 7, 1996 Patch for kernel security issue - - --------------------------------------------------------------------------- The Santa Cruz Operation has discovered the following problem present in our Software: I. Description A problem in a kernel error handling routine may allow unauthorized root access to the system. II. Impact Any user with an account on the system may be able to gain root access by forcibly causing a particular kernel error handling routine to be executed. To gain access would require that the user intentionally write and then execute a program to exploit this problem. Alternatively, a user could unintentionally allow root access by executing a program previously written to take advantage of the problem. III. Releases This problem exists on the following releases of SCO Products: SCO OpenServer 5 SCO OpenServer 5.0.2 SCO Internet FastStart 1.0 IV. Solution SCO is providing the following (S)upport (L)evel (S)upplement to address the issue. It is recommended that all systems installed with one of the above releases also have SLS oss436a installed. SLS oss436a is available as follows: Anonymous ftp: - - -------------- ftp://ftp.sco.COM/SLS/oss436a.Z (patch disk) ftp://ftp.sco.COM/SLS/oss436a.ltr.Z (cover letter/install notes) UUCP: - - ----- This SLS is also available to be downloaded via UUCP from the following machines: sosco (USA) scolon (United Kingdom) The file names are: /usr/spool/uucppublic/SLS/oss436a.Z /usr/spool/uucppublic/SLS/oss436a.ltr.Z Telephone numbers and login names for UUCP are provided in the default /usr/lib/uucp/Systems file that ships with every SCO Operating System. Compuserve: - - ----------- SLS oss436a is also available in Library 11 in the SCO Forum on Compuserve. SCO Online Support (SOS) BBS: - - ----------------------------- SLS oss436 can also be downloaded interactively via X, Y, Z MODEM or Kermit, using the SCO Online Support System (SOS). Follow the menus selections under "Toolchest" from the main SOS menu. List of phone numbers available for interactive transfer from SOS are: 1-408-426-9495 (USA) +44 (0)1923 210 888 (United Kingdom) Checksums: - - ---------- MD5: MD5 (oss436a.Z) = e1e76be4486958b64c996cd3a8a1a4ff MD5 (oss436a.ltr.Z) = bbe35e5e4109b4f547757a37ab40f47b sum -r: 06102 43 oss436a.Z 54199 5 oss436a.ltr.Z Please note that these files are compressed. You must use the uncompress(C) command on these files before following the installation instructions in the resultant oss436a.ltr file. If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Daylight Time (PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Daylight Time (PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm Greenwich Mean Time (GMT) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax) ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://www.surfnet.nl/surfnet/security/cert-nl.html ftp://ftp.surfnet.nl/surfnet/net-security In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl Phone: +31 302 305 305 Fax: +31 302 305 329 Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST members on request. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.i iQCVAgUBMb6iCGL2fnkJN/jpAQEb2AP/R34RvIAys7RCu0k2hlz5qxa0mVT2JZ2l KpjRlbr2ujcQVEg/mr3ed/II1EhAD27yqw8OZenjNO6zU5MOGrFrJkmEl34dMo0x dD0dktK508gBfFmwLbmtDbFGM2NVqpAMy+LmHGmsglK35MxK42mH3uhlFNpdC/sz Sg4gpOaLUBQ= =kTF1 -----END PGP SIGNATURE-----