From listmaster@locutus.calderasystems.com Wed Aug 25 13:30:56 1999 From: listmaster@locutus.calderasystems.com Resent-From: mea culpa To: announce@lists.calderasystems.com Resent-To: jericho@attrition.org Date: 24 Aug 1999 18:09:07 -0000 Reply-To: info@calderasystems.com Subject: Security Advisory 22 -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: Security issues with telnetd and libcurses Advisory number: CSSA-1999:022.0 Issue date: 1999 August, 23 Cross reference: ______________________________________________________________________________ 1. Problem Description There is a vulnerability in the telnet server included in Caldera OpenLinux. When connecting, a telnet client transmits the user's terminal type to the server. By passing a bogus terminal type, an attacker can fool the server into opening and reading almost random files, e.g. in the /proc filesystem. On some machines, reading certain files below /proc can cause the machine to lock up. The same problem exists in setuid applications linked against libncurses, such as screen. 2. Vulnerable Versions Systems: up to COL 2.2, Packages: previous to netkit-telnet-0.12-3 previous to ncurses-4.2-3 3. Solutions The proper solution is to upgrade to the latest packages rpm -U netkit-telnet-0.12-3.i386.rpm rpm -U ncurses-4.2-3.i386.rpm rpm -U ncurses-termcap-devel-static-4.2-3.i386.rpm rpm -U ncurses-termcap-devel-4.2-3.i386.rpm rpm -U ncurses-devel-4.2-3.i386.rpm rpm -U ncurses-devel-static-4.2-3.i386.rpm 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/ The corresponding source code package can be found at: ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS 5. Installing Fixed Packages Upgrade the affected packages with the following commands: rpm -U netkit-telnet-0.12-3.i386.rpm rpm -U ncurses-4.2-3.i386.rpm rpm -U ncurses-termcap-devel-static-4.2-3.i386.rpm rpm -U ncurses-termcap-devel-4.2-3.i386.rpm rpm -U ncurses-devel-4.2-3.i386.rpm rpm -U ncurses-devel-static-4.2-3.i386.rpm 6. Verification 825d8c5336581492ef7d59d857aa6d06 RPMS/ncurses-4.2-3.i386.rpm 2b91f24d44ead31c9c6da0ac427caf53 RPMS/ncurses-devel-4.2-3.i386.rpm ffb4eaa3c04a1a2825f14535706ed4e0 RPMS/ncurses-devel-static-4.2-3.i386.rpm d17e8a8fd9caba38ad317c5171173848 RPMS/ncurses-termcap-devel-4.2-3.i386.rpm 3a43b39d48258635677ce91221393add RPMS/ncurses-termcap-devel-static-4.2-3.i386.rpm 30c87d77a1ad2731931b3090fabd00b6 RPMS/netkit-telnet-0.12-3.i386.rpm 0aaae02a2bd53ed55eb9be736b5e9338 SRPMS/ncurses-4.2-3.src.rpm 6bd78bbefc87f877a17bbc0f04596d6c SRPMS/netkit-telnet-0.12-3.src.rpm 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html This security fix closes Caldera's internal Problem Report 5086 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN8JnHOn+9R4958LpAQGdUwP+L1PGz0+5AiGzZfT0I8TfQWrQedKWuY11 uWu/eps7h3hMLyLr6EnTG0s/WhIXjT1MfBmHvrj6If4GC1jaylDe9fLzT5Npuy3K QHfuiczmmJuzZL0/v9K7sEyMRmlBRtsi1dgzbjDmiaX1cM5JnlG6Gd7V1uBafV0v YprgbK2SLwU= =r9j4 -----END PGP SIGNATURE----- -- Note: To learn how to use this list server, email a "help" command to majordomo@lists.calderasystems.com.