From: sco-securitycaldera.com
Date: Thu Aug 23 2001 - 18:34:55 CDT


    To: announcelists.caldera.com

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: OpenServer: mana buffer overflow
    Advisory number: CSSA-2001-SCO.12
    Issue date: 2001 August 20
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description

            /usr/internet/admin/mana/mana was subject to a buffer overflow
            that could be used by a malicious user to gain root access.

    2. Vulnerable Versions

            Operating System    Version      Affected Files
            ------------------------------------------------------------------
            OpenServer          <= 5.0.6a    /usr/internet/admin/mana/mana

    3. Workaround

            None.

    4. OpenServer

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/openserver/sr847464/

      4.2 Verification

            md5 checksums:

            c7c06ccffc481b78e249dd6474996222 mana.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/mana.Z
            # mv /usr/internet/admin/mana/mana /usr/internet/admin/mana/mana.old
            # cp /tmp/mana /usr/internet/admin/mana
            # chown root /usr/internet/admin/mana/mana
            # chgrp sys /usr/internet/admin/mana/mana
            # chmod 6755 /usr/internet/admin/mana/mana

    5. References

            http://www.calderasystems.com/support/security/index.html

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    ___________________________________________________________________________
