
From listmaster@locutus.calderasystems.com Wed Aug 18 17:42:01 1999
From: listmaster@locutus.calderasystems.com
Resent-From: mea culpa <jericho@dimensional.com>
To: announce@lists.calderasystems.com
Resent-To: jericho@attrition.org
Date: 18 Aug 1999 16:00:01 -0000
Reply-To: info@calderasystems.com
Subject: Security Advisory 19

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		security problem with xmonisdn
Advisory number: 	CSSA-1999:019.0
Issue date: 		1999 August, 18
Cross reference: 
______________________________________________________________________________


1. Problem Description

   A security problem was discovered with xmonisdn (part of the
   isdn4k/utils package) that allows local users to obtain root
   privilege under certain circumstances (it's setuid root,
   and it invokes external commands using system(3)).

2. Vulnerable Versions

   Your system is not vulnerable unless you've installed shell
   scripts named /sbin/netup and/or /sbin/netdown, which are
   supposed to take the isdn network link up or down.  The default
   installation on Caldera OpenLinux does not include these scripts.

      
3. Solutions

   These scripts don't exist in our default installation,
   and the problem is fixed in COL 2.3.
   
4. Location of Fixed Packages

   The COL packages are not vulnerable.

5. Installing Fixed Packages

   The packages included in the distribution are already fixed.
      
6. Verification

   -
   
7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   This security fix closes Caldera's internal Problem Report 5070.
   
8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----
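
A check for the two exposure conditions named in sections 1 and 2 of the advisory above, as an added example that is not part of the Caldera advisory. The path to xmonisdn is supplied by the caller because the advisory does not give it; the function name and the ROOT and UID parameters are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not Caldera's code): report whether a host matches the
# exposure conditions in sections 1 and 2 of advisory CSSA-1999:019.0.
#
# check_xmonisdn_exposure BIN [ROOT] [UID]
#   BIN   path to the xmonisdn binary (assumption: given by the caller)
#   ROOT  filesystem root to inspect; default "" is the live system,
#         set it to the mount point of an image to audit offline
#   UID   owner uid treated as privileged; default 0 (root)
# Return: 0 = not exposed, 1 = exposed, 2 = binary not found
check_xmonisdn_exposure() {
    bin=$1
    root=${2:-}
    priv_uid=${3:-0}

    if [ ! -f "$bin" ]; then
        echo "xmonisdn not found at $bin"
        return 2
    fi

    # Condition 1: the binary is setuid and owned by the privileged uid.
    owner=$(ls -lnL -- "$bin" | awk '{print $3}')
    if [ ! -u "$bin" ] || [ "$owner" != "$priv_uid" ]; then
        echo "$bin is not setuid uid $priv_uid: not exposed"
        return 0
    fi

    # Condition 2: at least one helper script named in section 2 exists.
    found=""
    for script in /sbin/netup /sbin/netdown; do
        if [ -e "$root$script" ]; then
            found="$found $root$script"
        fi
    done

    if [ -z "$found" ]; then
        echo "$bin is setuid, but netup/netdown are absent: not exposed"
        return 0
    fi
    echo "EXPOSED: setuid $bin can invoke:$found"
    return 1
}

# Run the check when a binary path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_xmonisdn_exposure "$@"
fi
```
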
