OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: sco-securitycaldera.com
Date: Thu Jul 26 2001 - 12:48:07 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: announcelists.caldera.com bugtraqsecurityfocus.com security-announcelists.securityportal.com

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: OpenServer: /etc/popper buffer overflow
    Advisory number: CSSA-2001-SCO.8
    Issue date: 2001 July 26
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            The popper daemon /etc/popper was subject to a buffer overflow
            that could be used by a malicious user.

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            OpenServer <= 5.0.6a /etc/popper

    3. Workaround

            None.

    4. OpenServer

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/openserver/sr848324/

      4.2 Verification

            md5 checksums:
            
            8795253219fbcbba3027f0c37f6a884e popper.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/popper.Z
            # mv /etc/popper /etc/popper.old
            # cp /tmp/popper /etc
            # chown bin /etc/popper
            # chgrp bin /etc/popper
            # chmod 755 /etc/popper

    5. References

            http://www.calderasystems.com/support/security/index.html

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    7.Acknowledgements

            Caldera International wishes to thank Gustavo Viscaino for
            originally finding the problem, Michael Brennen
            <mbrennenfni.com> for forwarding the problem report from the
            qpopper list, and the folks at Qualcomm for fixing the
            problem.
             
    ___________________________________________________________________________

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: announce-unsubscribelists.caldera.com
    For additional commands, e-mail: announce-helplists.caldera.com