Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Fri Nov 16 2001 - 17:28:16 CST
To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: xlock buffer overflow
Advisory number: CSSA-2001-SCO.34
Issue date: 2001 November 16
1. Problem Description
The /usr/bin/X11/xlock program contains a potential security
problem via a buffer overflow. This could be used by an
unauthorized user to gain privilege.
2. Vulnerable Versions
Operating System Version Affected Files
UnixWare 7 7.1.0, 7.1.1 /usr/bin/X11/xlock
Open UNIX 8.0.0 /usr/bin/X11/xlock
Remove the setuid bit from the binary:
chmod -s /usr/bin/X11/xlock
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
md5 is available for download from
4.3 Installing Fixed Binaries
Download the xcontrib_801.pkg file to /usr/tmp.
This package is an upgrade install to UnixWare 7 xcontrib
package version 7.1.1 and Caldera OpenUNIX 8 version 8.0.0.
This version 8.0.1 contains all the components released with
any previous updates plus the bug fixes mentioned above. To
verify the currently installed version of this package:
# pkginfo -x xcontrib
It is not necessary, nor recommended, to remove previous
versions of this package from the system before installing
this updated version.
To install this package, you may use the SCOadmin Application
Installer from the desktop, or as a root login with pkgadd:
# pkgadd -d /usr/tmp/xcontrib_801.pkg
NOTE: Do not use /tmp as the download directory. It could fail
with a 'No space' message during pkgadd.
WARNING: UnixWare Update 7.x.x should be reapplied
can be safely ignored. There are no files in the Update which
patch this package.
This and other advisories are located at
This advisory addresses Caldera Security internal incidents
sr848020, fz518827, erg711744.
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----