Bugtraq mailing list archives
Re: recent SCO 5.0.x vulnerabilities
From: jrm () FREEDOM SWC COM (Jon Mitchell)
Date: Wed, 20 Oct 1999 09:35:09 -0500
The following was stated by mikea () SCO COM:
SCO is working on investigating and fixing the recent vulnerabilities reported here (namely the 19 buffer overflows, Xt and lpr exploits). We will have a patch for OpenServer 5.0.5 in two weeks, which will be available from http://www.sco.com/security/.
I want to point out that it has been four weeks since this post and not a single thing has changed on the URL above. However, on the BUGTRAQ side of things several more exploits for Openserver 5.0.5 have been posted as well as a Unixware 7.1 exploit. (Thank you Brock for all the work you've done to help improve SCO's security) Although there have been several posts by people knowledgeable about SCO saying that work is being done, there are no new patches available on their website. I realize that fixing this many issues takes time, but since time is of the essence in keeping systems secure, couldn't incremental fixes or workarounds be released (ala hotfixes)? Those of us who have to support SCO systems would certainly appreciate it. Four weeks really should be enough time to at least post a message saying those people who do not need to be using SCO Doctor or some other such Skunkware utility should uninstall it until patches can be made. Not all of us in support want to wait six months for the next release supplement to fix problems critical to our systems. -- Jon Mitchell Systems Engineer, Subject Wills and Company jrm () swc com -- These views are mine and should not be attributed to my employer --
Current thread:
- Re: recent SCO 5.0.x vulnerabilities Jon Mitchell (Oct 20)
- <Possible follow-ups>
- Re: recent SCO 5.0.x vulnerabilities Michael Almond (Oct 20)