Bugtraq mailing list archives

Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows


From: sco-security () caldera com
Date: Thu, 11 Oct 2001 13:55:50 -0700

To: bugtraq () securityfocus com, security-announce () lists securityportal com, announce () lists caldera com, scoannmod () xenitec on ca


Do not reply to this mail. This security advisory is being sent from a
nonexistent address in order to avoid spam problems.  Caldera's
contact address for UNIX security issues is security-alert () caldera com.


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: various scoadmin/sysadm subprograms have buffer overflows
Advisory number:        CSSA-2001-SCO.25
Issue date:             2001 October 11
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        Several of the helper programs that scoadmin and sysadmsh invoke
        contain buffer overflows that a malicious user could exploit to
        gain privilege.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       /usr/lib/sysadm/atcronsh
                                                /usr/lib/sysadm/auditsh
                                                /usr/lib/sysadm/authsh
                                                /usr/lib/sysadm/backupsh
                                                /usr/lib/sysadm/lpsh
                                                /usr/lib/sysadm/sysadm.menu
                                                /usr/lib/sysadm/termsh


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.25/


  4.2 Verification

        md5 checksums:
        
        baf6e1a57f8a86803362a5cf798883aa        sysadm.tar.Z


        md5 is available for download from

                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands (the
        archive sysadm.tar.Z is assumed to have been downloaded to /tmp):

        (Note: if the sysadmsh subsystem is not installed, it is
        normal for some of the following mv commands to fail.)

        # uncompress /tmp/sysadm.tar.Z
        # for i in atcronsh auditsh authsh backupsh lpsh sysadm.menu termsh
        > do
        > mv /usr/lib/sysadm/$i /usr/lib/sysadm/${i}-
        > chmod 0 /usr/lib/sysadm/${i}-
        > done
        # cd /
        # tar xvf /tmp/sysadm.tar
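
        The following script is an added example and is not part of the
        Caldera advisory. It combines sections 4.2 and 4.3 into one
        procedure that refuses to install unless the downloaded archive
        matches the advisory's md5, retires each old binary as the advisory
        does (rename with a trailing '-' and chmod 0, which also strips any
        setuid bit), extracts the fix, and then checks that no retired copy
        is still executable. The ROOT argument, the function names and the
        fallbacks for md5 and stat are assumptions added here so the steps
        can be rehearsed in a scratch directory; the advisory runs them at /.

```sh
#!/bin/sh
# Added example, not part of the Caldera advisory: verify the fix archive
# against the md5 from section 4.2 before touching the system, retire the
# old binaries the way section 4.3 does (rename with a trailing '-' and
# chmod 0, which also strips any setuid bit), extract, then confirm no
# retired copy is still runnable. The ROOT parameter is an assumption
# added here so the steps can be rehearsed in a scratch tree; the
# advisory runs them at /.

ADVISORY_MD5=baf6e1a57f8a86803362a5cf798883aa
SYSADM_BINS="atcronsh auditsh authsh backupsh lpsh sysadm.menu termsh"

# Print a file's md5 with whichever tool the host has (md5sum on Linux,
# md5 on BSD, openssl as a last resort). All print the same 32 hex digits
# that Caldera's md5 tool does.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# Succeed only if the archive's md5 equals the expected value.
verify_archive() {   # $1 archive path, $2 expected md5
    actual=$(file_md5 "$1") || return 1
    [ "$actual" = "$2" ]
}

# Retire one binary: move it aside as NAME- and remove every permission
# bit, so the vulnerable copy is kept for rollback but cannot be executed.
# A missing file is not an error: the advisory notes that some of the
# files are absent when the sysadmsh subsystem is not installed.
retire_binary() {   # $1 sysadm directory, $2 file name
    [ -e "$1/$2" ] || return 0
    mv "$1/$2" "$1/$2-" && chmod 0 "$1/$2-"
}

# Post-install check: every retired copy that exists must have mode 0.
retired_copies_disabled() {   # $1 sysadm directory
    for b in $SYSADM_BINS; do
        f="$1/$b-"
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")   # GNU stat, then BSD stat
        [ "$mode" = "0" ] || return 1
    done
    return 0
}

# Full procedure: $1 archive (sysadm.tar.Z or an already uncompressed
# sysadm.tar), $2 root (default /), $3 expected md5 (default the
# advisory's value, which is for sysadm.tar.Z).
install_sysadm_fix() {
    archive=$1; root=${2:-/}; expected=${3:-$ADVISORY_MD5}
    if ! verify_archive "$archive" "$expected"; then
        echo "md5 mismatch for $archive: refusing to install" >&2
        return 1
    fi
    case $archive in
        *.Z) uncompress "$archive" || return 1; archive=${archive%.Z} ;;
    esac
    dir="$root/usr/lib/sysadm"
    for b in $SYSADM_BINS; do
        retire_binary "$dir" "$b" || return 1
    done
    (cd "$root" && tar xf "$archive") || return 1
    retired_copies_disabled "$dir"
}

# Usage on the real system, after downloading sysadm.tar.Z to /tmp:
#   install_sysadm_fix /tmp/sysadm.tar.Z
```

        The checksum is taken over the compressed archive, as in section
        4.2, so verify before uncompressing. Keeping the retired copies at
        mode 0 rather than deleting them preserves a rollback path without
        leaving a setuid copy of the vulnerable program on disk.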


5. References

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr849820, SCO-559-1295 and erg711790.

6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Caldera International wishes to thank KF <dotslash () snosoft com>
        for discovering and reporting this problem.

         
___________________________________________________________________________
