From: security@caldera.com
Date: Mon Jun 24 2002 - 18:39:40 CDT
To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : in.rarpd format string vulnerability in error() and syserr()
Advisory number: CSSA-2002-SCO.29
Issue date: 2002 June 24
Cross reference:
______________________________________________________________________________
1. Problem Description
The in.rarpd program has several error routines (error()
and syserr()) that can be manipulated by a malicious user to
compromise the system.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
UnixWare 7.1.1          /usr/sbin/in.rarpd
Open UNIX 8.0.0         /usr/sbin/in.rarpd
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.1
4.1 Location of Fixed Binaries
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29
4.2 Verification
MD5 (erg712062.pkg.Z) = 3c05be0a8197ddd3b6fcd3ac50933508
md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download erg712062.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712062.pkg.Z
# pkgadd -d /var/spool/pkg/erg712062.pkg
5. Open UNIX 8.0.0
5.1 Location of Fixed Binaries
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29
5.2 Verification
MD5 (erg712062.pkg.Z) = 3c05be0a8197ddd3b6fcd3ac50933508
md5 is available for download from
ftp://ftp.caldera.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download erg712062.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712062.pkg.Z
# pkgadd -d /var/spool/pkg/erg712062.pkg
6. References
Specific references for this advisory:
none
Caldera security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr865148, fz521092,
erg712062.
7. Disclaimer
Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.
8. Acknowledgements
David Reign <davidreign@hotmail.com> discovered these
vulnerabilities.
______________________________________________________________________________