Security Update: [CSSA-2001-SCO.40] OpenServer: /bin/login and /etc/getty argument buffer overflow

[security () caldera com]

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca 


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: /bin/login and /etc/getty argument buffer overflow
Advisory number:        CSSA-2001-SCO.40
Issue date:             2001 December 14
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        A remotely exploitable buffer overflow exists in /bin/login
        and /etc/getty. Attackers can exploit this vulnerability to
        gain root access to the server.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       /bin/login
                                                /etc/getty


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/

        erg711877.506.tar.Z is the patch for SCO OpenServer Release
        5.0.6, with or without Release Supplement 5.0.6a (rs506a).
        Note that other security issues are corrected by rs506a; we
        strongly recommend installing it on all 5.0.6 systems.

        erg711877.505.tar.Z is the patch for SCO OpenServer Release
        5.0.5 and earlier.  Although it should work with all releases
        5.0.0 through 5.0.5, it has not yet been tested on every
        release.


  4.2 Verification

        md5 checksums:

        e1748ebb4710796620c15017e52eecc0        erg711877.505.tar.Z
        627a41d22040872f967cb5387c7e629c        erg711877.506.tar.Z


        md5 is available for download from

                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        For 5.0.6 and 5.0.6a:

                Download erg711877.506.tar.Z to the /tmp directory
        
                # mv /bin/login /bin/login-
                # mv /etc/getty /etc/getty-
                # chmod 0 /bin/login- /etc/getty-
                # uncompress erg711877.506.tar.Z
                # cd /
                # tar xvf /tmp/erg711877.506.tar

        For pre-5.0.6:

                Download erg711877.505.tar.Z to the /tmp directory
        
                # mv /bin/login /bin/login-
                # mv /etc/getty /etc/getty-
                # chmod 0 /bin/login- /etc/getty-
                # uncompress erg711877.505.tar.Z
                # cd /
                # tar xvf /tmp/erg711877.505.tar


5. References

        http://www.cert.org/advisories/CA-2001-34.html
        http://www.kb.cert.org/vuls/id/569272
        http://xforce.iss.net/alerts/advise105.php

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr854610, SCO-559-1318, erg711877.


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        This vulnerability was discovered and researched by Mark Dowd
        of the ISS X-Force.

         
___________________________________________________________________________

Attachment: _bin
Description: