OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: securitycaldera.com
Date: Mon Nov 12 2001 - 19:17:30 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open UNIX, UnixWare 7: buffer overflow in ppp utilities
    Advisory number: CSSA-2001-SCO.32
    Issue date: 2001 November 12
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            There is a buffer overflow in several of the ppp utilities that
            are linked to /usr/bin/pppattach. This could be used by an
            unauthorized user to gain privilege.

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            UnixWare 7 7.1.0, 7.1.1 /usr/bin/pppattach
            Open UNIX 8.0.0 /usr/bin/pppattach

    3. Workaround

            If you do not use ppp, remove the execute and/or setuid
            permissions from /usr/bin/pppattach.

    4. UnixWare 7, Open UNIX 8

      4.1 Location of Fixed Binaries

            ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/

      4.2 Verification

            md5 checksums:
            
            24cf948a3691be14398dcd63d2f8eafb erg711869b.Z

            md5 is available for download from

                    ftp://stage.caldera.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711869b.Z
            # pkgadd -d /tmp/erg711869b

    5. References

            This and other advisories are located at
                    http://stage.caldera.com/support/security

            This advisory addresses Caldera Security internal incidents
            sr854234, fz519119 and erg711869.

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

             
    ___________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAjvwdKkACgkQaqoBO7ipriEL4ACgouVaVKYDfHlS9HAeaFx9YusT
    iTgAoIFqpdMwRNRIf/tVOV7fewZhgKxi
    =3S7V
    -----END PGP SIGNATURE-----