Bugtraq mailing list archives
Security Update: [CSSA-2001-SCO.12] OpenServer: mana buffer overflow
From: sco-security () caldera com
Date: Fri, 24 Aug 2001 11:55:37 -0700
To: bugtraq () securityfocus com security-announce () lists securityportal com announce () lists caldera com ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: mana buffer overflow Advisory number: CSSA-2001-SCO.12 Issue date: 2001 August 17 Cross reference: ___________________________________________________________________________ 1. Problem Description /usr/internet/admin/mana/mana was subject to a buffer overflow that could be used by a malicious user to gain root access. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer <= 5.0.6a /usr/internet/admin/mana/mana 3. Workaround None. 4. OpenServer 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/security/openserver/sr847464/ 4.2 Verification md5 checksums: c7c06ccffc481b78e249dd6474996222 mana.Z md5 is available for download from ftp://ftp.sco.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/mana.Z # mv /usr/internet/admin/mana/mana /usr/internet/admin/mana/mana.old # cp /tmp/mana /usr/internet/admin/mana # chown root /usr/internet/admin/mana/mana # chgrp sys /usr/internet/admin/mana/mana # chmod 6755 /usr/internet/admin/mana/mana 5. References http://www.calderasystems.com/support/security/index.html 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. ___________________________________________________________________________
Attachment:
_bin
Description:
Current thread:
- Security Update: [CSSA-2001-SCO.12] OpenServer: mana buffer overflow sco-security (Aug 24)