OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: sco-securitycaldera.com
Date: Mon Oct 01 2001 - 12:58:05 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com security-announcelists.securityportal.com announcelists.caldera.com scoannmodxenitec.on.ca

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open Unix, UnixWare 7: dtaction argument buffer overflow
    Advisory number: CSSA-2001-SCO.21
    Issue date: 2001 October 1
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            Very long arguments to the dtaction command cause an argument
            buffer overflow. This could be used by an unauthorized user
            to gain privilege.

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            UnixWare 7 All /usr/dt/bin/dtaction
            Open Unix 8.0.0 /usr/dt/bin/dtaction

    3. Workaround

            None.

    4. UnixWare 7

      4.1 Location of Fixed Binaries

            ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.21/

      4.2 Verification

            md5 checksums:
            
            73300a4b513babf273c56ff67a4ff60e dtaction.Z

            md5 is available for download from

                    ftp://stage.caldera.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # mv /usr/dt/bin/dtaction /usr/dt/bin/dtaction-
            # uncompress /tmp/dtaction.Z
            # cp dtaction /usr/dt/bin
            # cd /usr/dt/bin
            # chown root dtaction
            # chgrp sys dtaction
            # chmod 6555 dtaction

    5. References

            This and other advisories are located at
                    http://stage.caldera.com/support/security

            This advisory addresses Caldera Security internal incident
            sr847409.

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    7. Acknowledgements

            Caldera International wishes to thank KF <dotslashsnosoft.com>
            for discovering and reporting this problem.

             
    ___________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAju4rq0ACgkQaqoBO7ipriGLPgCfQGTtBzVKvNGeKuxiLEzY4TRr
    STsAoIdrsb8AzYzSTd4iyzJy0r0r6vBl
    =7LmD
    -----END PGP SIGNATURE-----