From info@calderasystems.com Tue Mar 2 17:15:38 1999 From: Caldera Systems Information To: caldera-announce@rim.caldera.com Date: Tue, 2 Mar 1999 17:05:27 -0700 Reply-To: info@caldera.com Subject: SECURITY [CSSA-1999:006.0] -- dosemu buffer overflow -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: Advisory number: CSSA-1999:006.0 Issue date: 1999 Feb 24 Cross reference: ______________________________________________________________________________ 1. Problem Description The TERM and TERMINFO environmentables can be used to cause buffer overflows in dosemu. General security problems with suid root (from Erik Mouw J.A.K.Mouw@its.tudelft.nl): Note that any Dosemu version running suid root with DPMI enabled is inherently unsafe. A DPMI program in Dosemu is able to use Linux system calls, including system calls that require root privileges. The Dosemu Team is not able to fix this security hole; system administrators who are serious about security, should not install Dosemu suid-root. Dosemu can run non-suid on the Slangterminal, under X, in the background and even on serial lines (bbs'es for example). 2. Vulnerable Versions Systems: OpenLinux 1.0, 1.1, 1.2, 1.3. Packages: < dosemu-0.98.5-1.i386.rpm 3. Solutions The proper solution is to upgrade to the dosemu-0.98.5 package. For security dosemu should not be installed with the SUID bit set on its binaries. 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/RPMS/ The corresponding source code package can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -q dosemu && rpm -U dosemu-0.98.5.i386.rpm 6. Verification The MD5 checksums (from the "md5sum" command) for these packages are: 092455b8c1c863e486458d2d6681d8e5 RPMS/dosemu-0.98.5-1.i386.rpm f9d67120bfb3898ba88fd34ff114417c SRPMS/dosemu-0.98.5-1.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html Additional documentation on this problem can be found in: http://geek-girl.com/bugtraq/1999_1/0040.html This security fix closes Caldera's internal Problem Report 4253. 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNtv/Ben+9R4958LpAQGrZgQAtHGGVrxThT0rtr8euCzZfF1pwgYX8HWG 09ZyAFHGYtvcWRYXkJoYIBDJjlcTKsHkoKBSET5GKeaArhBVP1iCVF3Lt5x0KcgG RSSpa9brkh7dYLhKmVLelxnVsC9EL4HS56SMDMXLGndKSnx3OzVlhhFUJZT63+oz cS/xPYLf8v0= =SpXQ -----END PGP SIGNATURE----- - Notes: To learn how to use this list server, email a "help" command to majordomo@rim.caldera.com.