Bugtraq mailing list archives

Re: recent SCO 5.0.x vulnerabilities


From: mikea () SCO COM (Michael Almond)
Date: Wed, 20 Oct 1999 15:54:17 -0700


Jon,

Sorry for the lack of information; we've been trying to
fix as many exploits as possible.  In light of your
message, instead of releasing all fixes at once, we
will release the first batch of fixes (approximately 24)
ASAP (i.e., hopefully in the next couple of days) and
then follow that up with the rest.

Mike Almond.

   > From: Jon Mitchell <jrm () freedom swc com>
   >
   > The following was stated by mikea () SCO COM:
   >
   > > SCO is working on investigating and fixing the recent
   > > vulnerabilities reported here (namely the 19 buffer
   > > overflows, Xt and lpr exploits).  We will have a patch
   > > for OpenServer 5.0.5 in two weeks, which will be available
   > > from http://www.sco.com/security/.
   >
   > I want to point out that it has been four weeks since this post and not a
   > single thing has changed on the URL above.  However, on the BUGTRAQ side
   > of things several more exploits for OpenServer 5.0.5 have been posted as
   > well as a UnixWare 7.1 exploit.  (Thank you Brock for all the work you've
   > done to help improve SCO's security)
   >
   > Although there have been several posts by people knowledgeable about SCO
   > saying that work is being done, there are no new patches available on
   > their website.
   >
   > I realize that fixing this many issues takes time, but since time is of
   > the essence in keeping systems secure, couldn't incremental fixes or
   > workarounds be released (à la hotfixes)?  Those of us who have to support
   > SCO systems would certainly appreciate it.  Four weeks really should be
   > enough time to at least post a message saying those people who do not need
   > to be using SCO Doctor or some other such Skunkware utility should
   > uninstall it until patches can be made.  Not all of us in support want to
   > wait six months for the next release supplement to fix problems critical
   > to our systems.
   >
   > --
   > Jon Mitchell
   > Systems Engineer, Subject Wills and Company
   > jrm () swc com
   >
   > -- These views are mine and should not be attributed to my employer --
   >

