To: bugtraqsecurityfocus.com announcelists.caldera.com scoannmodxenitec.on.ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject: Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number: CSSA-2002-SCO.11
Issue date: 2002 March 12
Cross reference: CSSA-2002-SCO.10
___________________________________________________________________________

1. Problem Description

        A bug exists in the channel code of OpenSSH versions 2.0
        though 3.0.2.

        Existing users can use this bug to gain root privileges. The
        ability to exploit this vulnerability without an existing user
        account has not yet been proven, but it is considered
        possible. A malicious ssh server could also use this bug to
        exploit a connecting vulnerable client.
                                                

2. Vulnerable Supported Versions

        Operating System Version Affected Files
        ------------------------------------------------------------------
        UnixWare 7.1.1 all ssh distribution files
        Open UNIX 8.0.0 all ssh distribution files

3. Workaround

        None.

4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/

  4.2 Verification

        MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/

  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download openssh-3.1p1.pkg to the /tmp directory

        # pkgadd -d /tmp/openssh-3.1p1.pkg

5. References

        http://www.pine.nl/advisories/pine-cert-20020301.txt

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr861335, fz520314, erg711983.

6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.

7. Acknowledgements

        Joost Pol <joostpine.nl> discovered and researched this
        vulnerability.

___________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyOnj8ACgkQaqoBO7ipriFfjQCfYMdt0veA8De4KSpigVm5kpGB
PmoAoIftUztMvZnCSRHq+WVbxQX7/9Hu
=UL3a
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]