From: sco-securitycaldera.com
Date: Wed Aug 01 2001 - 15:27:08 CDT

    To: announcelists.caldera.com security-announcelists.securityportal.com bugtraqsecurityfocus.com

    _______________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open Unix 8, UnixWare 7.1.1: in.telnetd buffer overflow
    Advisory number: CSSA-2001-SCO.9
    Issue date: 2001 August 1
    Cross reference:
    _______________________________________________________________________________

    1. Problem Description
            
            The telnet daemon /usr/sbin/in.telnetd is subject to a buffer
            overflow problem that could be used by a malicious user to
            gain unauthorized access to a system.

    2. Vulnerable Versions

            Operating System    Version    Affected Files
            ------------------------------------------------------------------
            UnixWare 7          All        /usr/sbin/in.telnetd
            Open Unix 8         All        /usr/sbin/in.telnetd

    3. Workaround

            None.

    4. UnixWare 7

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/unixware/sr849877/

      4.2 Verification

            md5 checksums:
            
            3870368dee25d0c957125c53c91599ee erg711792a.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711792a.Z
            # pkgadd -d /tmp/erg711792a

    5. Open Unix 8

      5.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/openunix/sr849878/

      5.2 Verification

            md5 checksums:
            
            3870368dee25d0c957125c53c91599ee erg711792a.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      5.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711792a.Z
            # pkgadd -d /tmp/erg711792a

    6. References

            http://www.calderasystems.com/support/security/index.html

    7. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    8. Acknowledgements

            Caldera International would like to thank Sebastian
            <scutnb.in-berlin.de> for his posting on bugtraq, and KF
            <dotslashsnosoft.com> for reporting the problem to us.
             
    ___________________________________________________________________________

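
Sections 4.2-4.3 and 5.2-5.3 publish a checksum and the install commands but leave the comparison to the administrator. The script below is an added example, not part of Caldera's advisory: it refuses to run pkgadd unless the downloaded file's MD5 matches the published value. The path, file name and checksum are the advisory's; the function names and the fallback order of md5sum, openssl and md5 are assumptions.

```shell
#!/bin/sh
# Added example: check the advisory's MD5 before installing the fix.
# Path, file name and checksum are copied from the advisory; the function
# names and the choice of fallback tools are assumptions of this example.
PATCH_FILE="/tmp/erg711792a.Z"
EXPECTED_MD5="3870368dee25d0c957125c53c91599ee"

# Print the lowercase hex MD5 of file $1 using the first tool found.
# Reading from stdin keeps the file name out of the tool's output.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        raw=$(md5sum < "$1")
    elif command -v openssl >/dev/null 2>&1; then
        raw=$(openssl dgst -md5 < "$1")
    elif command -v md5 >/dev/null 2>&1; then
        raw=$(md5 < "$1")   # assumed to read stdin like the BSD tool
    else
        echo "no MD5 tool found" >&2; return 2
    fi
    # Keep only the 32-hex-digit digest, whatever decoration the tool adds.
    printf '%s\n' "$raw" | tr 'A-F' 'a-f' | sed -n 's/.*\([0-9a-f]\{32\}\).*/\1/p'
}

# Return 0 on match, 1 on mismatch, 2 if the file or tool is unusable.
verify_md5() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    got=$(md5_of "$1") || return 2
    [ -n "$got" ] || return 2
    [ "$got" = "$want" ] && return 0
    echo "MD5 mismatch for $1: got $got, advisory lists $want" >&2
    return 1
}

# Install only after the checksum matches (commands as in sections 4.3/5.3).
install_patch() {
    verify_md5 "$PATCH_FILE" "$EXPECTED_MD5" || return 1
    uncompress "$PATCH_FILE" && pkgadd -d "${PATCH_FILE%.Z}"
}

# Run as root with "--install"; with no argument nothing is changed.
if [ "${1:-}" = "--install" ]; then
    install_patch
fi
```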