Re: Caldera OpenUnix8 Overflows (reject, lpsystem, su)

[tigger () caldera com]

To: dotslash () snosoft com vuln-dev () securityfocus com

A fix for the su program is forthcoming, in addition to fixes for the
other vulnerabilities. Thanks for your help in pointing them out.


        Caldera Legacy Security Group


On Mon, Jul 23, 2001 at 05:02:29AM -0400, KF wrote:
> I contacted Caldera (SCO) about some local overflows in a few
> binaries that came default with my install of OpenUnix8... Here is a
> snippet of the email dialog between us. Due to the lack of access to
> the machine and lack of a good debugger on the system, I have not
> had time to put any further research time in. If anyone else has
> access to this fairly new OS feedback would be appreciated. Sorry
> for the lack of info on this subject.  -KF