REVISION: Security Update: [CSSA-2001-SCO.24.1] OpenServer: shell here-documents allow various security breaches

[security () caldera com]

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                REVISION: OpenServer: shell here-documents allow various security breaches
Advisory number:        CSSA-2001-SCO.24.1
Issue date:             2001 December 4
Cross reference:        CSSA-2001-SCO.24
___________________________________________________________________________


1. Problem Description
        
        *************************************************************
        The original binaries supplied to fix this vulnerability were
        flawed, exhibiting a variety of unusual behaviors. If you have
        already applied CSSA-2001-SCO.24, Caldera recommends that you
        immediately apply this new version, CSSA-2001-SCO.24.1.
        *************************************************************   

        Shell here-document processing is vulnerable to a variety of
        security attacks.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       /bin/sh
                                                /sbin/sh
                                                /bin/csh
                                                /bin/ksh
                                                /usr/bin/euc/ksh
                                                /usr/lib/scosh/utilbin/oash

3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/


  4.2 Verification

        md5 checksums:
        
        05a3f8b4a00f806f919d0dd723d2b2db        shells.tar.Z


        md5 is available for download from

                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/shells.tar.Z
        # for i in /bin/csh /bin/ksh /bin/sh /sbin/sh /usr/bin/euc/ksh /usr/lib/scosh/utilbin/oash
        > do
        > mv $i ${i}-
        > done
        # cd /
        # tar xvf /tmp/shells.tar

5. References

        http://www.kb.cert.org/vuls/id/10277

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr847825, erg711733.

6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        The original discoverer of this vulnerability was Gordon Irlam
        of the Univeristy of Adelaide, Australia.

         
___________________________________________________________________________

Attachment: _bin
Description: