Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Thu, 26 Jul 2001 10:48:07 -0700
From: sco-security@caldera.com
To: announce@lists.caldera.com, bugtraq@securityfocus.com,
Subject: Security Update: [CSSA-2001-SCO.8] OpenServer: /etc/popper buffer overflow


To: announce@lists.caldera.com bugtraq@securityfocus.com security-announce@lists.securityportal.com 


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: /etc/popper buffer overflow
Advisory number: 	CSSA-2001-SCO.8
Issue date: 		2001 July 26
Cross reference:
___________________________________________________________________________



1. Problem Description
	
	The popper daemon /etc/popper was subject to a buffer overflow
	that could be used by a malicious user.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/etc/popper


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/openserver/sr848324/


  4.2 Verification

	md5 checksums:
	
	8795253219fbcbba3027f0c37f6a884e	popper.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/popper.Z
	# mv /etc/popper /etc/popper.old
	# cp /tmp/popper /etc
	# chown bin /etc/popper
	# chgrp bin /etc/popper
	# chmod 755 /etc/popper


5. References

	http://www.calderasystems.com/support/security/index.html


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7.Acknowledgements

	Caldera International wishes to thank Gustavo Viscaino for
	originally finding the problem, Michael Brennen
	<mbrennen@fni.com> for forwarding the problem report from the
	qpopper list, and the folks at Qualcomm for fixing the
	problem.
	 
___________________________________________________________________________

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

ПОДПИШИСЬ НА ЖУРНАЛ Linux Format 2012! Журнал "Linux Format" (Линукс Формат)- Единственный в России и странах СНГ журнал на русском языке, посвящённый Linux и свободному ПО. Журнал для IT-директоров, IT-менеджеров, программистов, системных администраторов, учителей школ и преподавателей ВУЗов и всех пользователей ПК. В каждом выпуске: Новости индустрии OpenSource, обзоры новинок свободного ПО, обучающие и методические статьи. Каждый, кто оформит подписку, получает бонусы и подарки- объёмные наклейки на системный блок, диск с архивом номеров за 2005-2011 г.г. и ежемесячно электронную версию журнала в pdf-формате. Оформить подписку на год