 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
Date: Tue, 28 Aug 2001 10:14:23 -0700 From: sco-security@caldera.com To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com, Subject: Security Update: [CSSA-2001-SCO.15] Open Unix: lpsystem buffer overflow --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable To: bugtraq@securityfocus.com security-announce@lists.securityportal.com an= nounce@lists.caldera.com=20 ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Open Unix: lpsystem buffer overflow Advisory number: CSSA-2001-SCO.15 Issue date: 2001 August 28 Cross reference: ___________________________________________________________________________ 1. Problem Description =09 A long argument to /usr/sbin/lpsystem can cause lpsystem to have a segmentation violation. This might be used by an unauthorized user to gain privilege. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ Open Unix 8.0.0 /usr/sbin/lpsystem 3. Workaround None. 4. Open Unix 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/security/openunix/sr847408/ 4.2 Verification md5 checksums: f2048bf92f7a55e13d2c3fb1ae8670d4 erg711789a.Z md5 is available for download from ftp://ftp.sco.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711789a.Z # pkgadd -d /tmp/erg711789a 5. References http://www.calderasystems.com/support/security/ 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7.Acknowledgements Caldera International wishes to thank KF <dotslash@snosoft.com> for discovering and reporting this problem. =20 ___________________________________________________________________________ --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjuL0W8ACgkQaqoBO7ipriFANgCfRiT8g+hsU4X7Xzb4CTInPsPg /SgAnj5MqzU3C2SxzykMzia9v2RAv3+6 =yjHZ -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN--
| |||||||||||||||||||||
|
|