From sco-security@caldera.com Fri Oct 12 07:40:10 2001 From: sco-security@caldera.com To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com, an=@caldera.com Date: Thu, 11 Oct 2001 13:55:50 -0700 Subject: Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com scoannmod@xenitec.on.ca Do not reply to this mail. This security advisory is being sent from a nonexistent address in order to avoid spam problems. Caldera's contact address for UNIX security issues is security-alert@caldera.com. ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: various scoadmin/sysadm subprograms have buffer overflows Advisory number: CSSA-2001-SCO.25 Issue date: 2001 October 11 Cross reference: ___________________________________________________________________________ 1. Problem Description Various programs that scoadmin and sysadmsh use have buffer overflows that could be used by a malicious user to gain privilege. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer <= 5.0.6a /usr/lib/sysadm/atcronsh /usr/lib/sysadm/auditsh /usr/lib/sysadm/authsh /usr/lib/sysadm/backupsh /usr/lib/sysadm/lpsh /usr/lib/sysadm/sysadm.menu /usr/lib/sysadm/termsh 3. Workaround None. 4. OpenServer 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.25/ 4.2 Verification md5 checksums: baf6e1a57f8a86803362a5cf798883aa sysadm.tar.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: ( Note: if the sysadmsh subsystem is not installed, it is normal for some of the following mv commands to fail.) # uncompress /tmp/sysadm.tar.Z # for i in atcronsh auditsh authsh backupsh lpsh sysadm.menu termsh > do > mv /usr/lib/sysadm/$i /usr/lib/sysadm/${i}- > chmod 0 /usr/lib/sysadm/${i}- > done # cd / # tar xvf /tmp/sysadm.tar 5. References This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr849820, SCO-559-1295 and erg711790. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements Caldera International wishes to thank KF for discovering and reporting this problem. ___________________________________________________________________________ [Part 2, Application/PGP-SIGNATURE 245bytes] [Unable to print this part]