From: sco-securitycaldera.com
Date: Thu Aug 23 2001 - 17:03:16 CDT

    To: bugtraqsecurityfocus.com announcelists.caldera.com security-announcelists.securityportal.com

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open Unix, UnixWare: uidadmin buffer overflow
    Advisory number: CSSA-2001-SCO.14
    Issue date: 2001 August 23
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description

            A very long value for the uidadmin "-S" (scheme) argument
            causes uidadmin to core dump. This might be exploited by an
            unauthorized user to gain privilege.

    2. Vulnerable Versions

            Operating System    Version    Affected Files
            ------------------------------------------------------------------
            UnixWare 7          All        /usr/bin/uidadmin
            Open Unix           8.0.0      /usr/bin/uidadmin

    3. Workaround

            None.

    4. UnixWare 7, Open Unix

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/openunix/sr847563/

      4.2 Verification

            md5 checksums:

            6778640ca80a88ed3af993adbe839bfb erg711722a.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711722a.Z
            # pkgadd -d /tmp/erg711722a
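
Sections 4.2 and 4.3 combined into one step, as an added example that is not part of Caldera's advisory: the two install commands run only if the downloaded file hashes to the published MD5. The function names, the `PKG_Z` variable and the `--install` switch are assumptions of this example, as is having `md5sum`, `openssl` or an `md5` command on the PATH.

```sh
#!/bin/sh
# Added example (not Caldera's code): install the fix only if the MD5 matches.
# File name and checksum are the ones given in sections 4.2 and 4.3.
EXPECTED_MD5="6778640ca80a88ed3af993adbe839bfb"
PKG_Z="${PKG_Z:-/tmp/erg711722a.Z}"

# Pull the first 32-hex-digit field out of a digest tool's output, lowercased.
# Works for "hash  file", "MD5 (file) = hash" and "MD5(file)= hash" layouts.
extract_digest() {
    tr 'A-F' 'a-f' | awk '{
        for (i = 1; i <= NF; i++)
            if (length($i) == 32 && $i ~ /^[0-9a-f]+$/) { print $i; exit }
    }'
}

# Print the MD5 of file $1 using the first digest tool that works.
# Assumption: one of md5sum, openssl or md5 is on PATH.
file_md5() {
    [ -r "$1" ] || return 1
    { md5sum "$1" 2>/dev/null || openssl md5 "$1" 2>/dev/null ||
      md5 "$1" 2>/dev/null; } | extract_digest
}

# Succeed only when file $1 hashes to $2 (compared case-insensitively).
verify_md5() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(file_md5 "$1") || return 1
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Run the advisory's two commands, but refuse on a missing or altered file.
install_fix() {
    if verify_md5 "$PKG_Z" "$EXPECTED_MD5"; then
        uncompress "$PKG_Z" && pkgadd -d "${PKG_Z%.Z}"
    else
        echo "MD5 check failed for $PKG_Z; nothing installed" >&2
        return 1
    fi
}

if [ "${1:-}" = "--install" ]; then install_fix; fi
```

Run as root with `--install` once the file from section 4.1 is in `/tmp`; without the switch the script only defines the functions.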

    5. References

            http://www.calderasystems.com/support/security/index.html

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    ___________________________________________________________________________
