OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: security-alertcaldera.com
Date: Tue Nov 06 2001 - 15:29:29 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com security-announcelists.securityportal.com announcelists.caldera.com scoannmodxenitec.on.ca

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open UNIX, UnixWare 7: DCE SPC library buffer overflow
    Advisory number: CSSA-2001-SCO.30
    Issue date: 2001 November 6
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            The DCE SPC library is vulnerable to a network buffer overflow
            attack. This bug manifests itself in dtspcd.
            

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            UnixWare 7 All /usr/dt/lib/libDtSvc.so.1
            Open UNIX 8.0.0 /usr/dt/lib/libDtSvc.so.1

    3. Workaround

            None.

    4. UnixWare 7, Open UNIX 8

      4.1 Location of Fixed Binaries

            ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/

      4.2 Verification

            md5 checksums:
            
            8d5c98f761dd68aa108794d8ed5c70f1 erg711881.Z

            md5 is available for download from

                    ftp://stage.caldera.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711881.Z
            # pkgadd -d /tmp/erg711881

    5. References

            CERT / ISS draft advisory VU#172583

            This and other advisories are located at
                    http://stage.caldera.com/support/security

            This advisory addresses Caldera Security internal incidents
            sr854831, fz519245, and erg711881

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers, intended to promote the secure installation
            and use of Caldera International products.

    7. Acknowledgements

            This vulnerability was discovered and researched by Chris
            Spencer of the ISS X-Force.

             
    ___________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAjvoVjkACgkQaqoBO7ipriHGfQCfUrWPMxGOx4d/vmlnJcph8U7j
    xIcAn1sZxuJjF8bKpabBsaNVMFHgCua9
    =LzIm
    -----END PGP SIGNATURE-----