 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
Date: Tue, 26 Jun 2001 16:49:02 -0700 From: sco-security@caldera.com To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com Subject: Security Update: [CSSA-2001-SCO.2] UnixWare - su buffer overflow --TmwHKJoIRFM7Mu/A Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable To: bugtraq@securityfocus.com security-announce@lists.securityportal.com ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: UnixWare - su buffer overflow Advisory number: CSSA-2001-SCO.2 Issue date: 2001 June, 26 Cross reference: ___________________________________________________________________________ 1. Problem Description The su command is vulnerable to a command line argument buffer overflow. This could allow a process to execute arbitrary code, allowing a malicious user to gain elevated privileges. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 All /sbin/su /usr/bin/su /usr/lib/libiaf.a /usr/lib/libiaf.so 3. Workaround None. 4. UnixWare 7 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/security/unixware/sr847407/ 4.2 Verification md5 checksums: =09 ec9c4201d83b8031063ff03bd325e200 erg711713a.Z md5 is available for download from ftp://ftp.sco.com/pub/security/tools/md5 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711713a.Z # pkgadd -d /tmp/erg711713a 5. References http://www.calderasystems.com/support/security/index.html 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International, Inc. products. ___________________________________________________________________________ --TmwHKJoIRFM7Mu/A Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjs5H24ACgkQaqoBO7ipriFj/ACgh4fBanNvAER1eT/qym8dzQu/ kMQAnjQQ7lVfmRDjiVm1d6jRnnRxS553 =34dQ -----END PGP SIGNATURE----- --TmwHKJoIRFM7Mu/A--
| |||||||||||||||||||||
|
|