=========================================================================== SCO Security Bulletin 99.09 7th June 1999 Packaging commands have unnecessary privilege. --------------------------------------------------------------------------- I. Description In UnixWare 7.1.0 unnecessary privilege has been given to some packaging commands, and as a result system security can be compromised. II. Impact These privileges allow any user to add or remove software packages. We strongly recommend that immediately after installing UnixWare 7.1.0 you apply ptf7408. III. Releases SCO UnixWare 7.1.0 only. IV. Solution SCO is providing a patch to address this issue in the form of a Support Level Supplement (SLS) PTF7408. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SLS/ptf7408.txt (cover letter, ASCII text) There is no tar archive at present. Compuserve: GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames: ptf7408b.txt (cover letter, ASCII text) Checksums (sum -r): 03398 5 ptf7408.txt V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB-99.09b, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)