OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: securitycaldera.com
Date: Wed Dec 05 2001 - 18:47:25 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: Open UNIX, UnixWare 7: xterms in saved CDE sessions
    Advisory number: CSSA-2001-SCO.37
    Issue date: 2001 December 5
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            In UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in previous
            desktop sessions can acquire privileges they should not have in
            subsequent sessions.

            In UnixWare 7.1.x, xterms saved in previous desktop sessions do
            not honor the value of the LD_LIBRARY_PATH environment variable.

    2. Vulnerable Versions

            Operating System Version Affected Files
            ------------------------------------------------------------------
            UnixWare 7 7.1.x /usr/dt/bin/dtsession
            Open UNIX 8.0.0 /usr/dt/bin/dtsession

    3. Workaround

            None.

    4. UnixWare 7, Open UNIX 8

      4.1 Location of Fixed Binaries

            ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.37/

      4.2 Verification

            md5 checksums:
            
            eb52ca9bcb98ada422002594e6654ff0 erg711820.Z

            md5 is available for download from

                    ftp://stage.caldera.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711820.Z
            # pkgadd -d /tmp/erg711820

    5. References

            This and other advisories are located at
                    http://stage.caldera.com/support/security

            This advisory addresses Caldera Security internal incidents
            sr848309, fz51679, and erg711820.

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    ___________________________________________________________________________

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (SCO_SV)
    Comment: For info see http://www.gnupg.org

    iEYEARECAAYFAjwOwBwACgkQaqoBO7ipriGOFQCggFyqt2/9hBYv5Uzlpe2PU89z
    KEEAninV9i55BMexl7oJxkgOX7G7uQoj
    =7/Vo
    -----END PGP SIGNATURE-----