Bugtraq mailing list archives

Info on some security holes reported against SCO Unixware.

From: aarons () SCO COM (Aaron Sigel)
Date: Thu, 13 Jan 2000 13:07:49 +0000


Greetings,

Recent Bugtraq posts have exposed security holes with a couple
packages distributed with SCO's Skunkware CD.  These packages
are:
        majordomo (wrapper, resend)
        orion (pis, mkpis)

These issues are security holes in the distributed versions of these
packages, and are not SCO security holes.

Furthermore, on a system with all of the security patches installed,
the distributed exploit for components of orion (pis, mkpis) will not
even work.

Still, we do recognize that these issues come up from time to time
in open licensed software that we do not control or maintain.  This is
precisely the reason for the Skunkware disclaimer.

To quote the Skunkware disclaimer:

        Remember, Skunkware is freely distributed and unsupported software. No
        warranty is made on any of the Skunkware components. Support and
        assistance with this software is not provided by SCO.

Updated versions will appear on the SCO skunkware site
(http://www.sco.com/skunkware) as they come available
and as they get built for SCO platforms.


--
Aaron Sigel, Secure Technologies Group, SCO - aarons () sco com

Current thread:

Re: usual iploggers miss some variable stealth scans, (continued)
- - - Re: usual iploggers miss some variable stealth scans Alec Kosky (Jan 18)
    - Re: usual iploggers miss some variable stealth scans Andrea Gho (Jan 20)
    - Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x root (Jan 21)
    - *BSD procfs vulnerability FEAR Advisories (Jan 21)
    - Re: *BSD procfs vulnerability Theo de Raadt (Jan 23)
    - stream.c/raped.c tests (just for stats) Vanja Hrustic (Jan 21)
    - Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Jan 21)
    - Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Vanja Hrustic (Jan 22)
    - Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Markus Hofmann (Jan 22)
    - Administrivia Elias Levy (Jan 18)
    - Info on some security holes reported against SCO Unixware. Aaron Sigel (Jan 13)
    - ssh-proxy, a new approach to firewall software Magosanyi Arpad (Jan 13)
    - Re: Hotmail security hole - injecting JavaScript using <IMG Ajax (Jan 11)
    - Serious Bug in Corel Linux.(Local root exploit) tascon () ENETE GUI UVA ES (Jan 12)
    - secure-programs howto Signal 11 (Jan 09)
    - strace can lie ... but LTT might be handy Karim Yaghmour (Jan 09)
    - 2nd attempt: AIX techlibss follows links Klaus.Kusche () OOE GV AT (Jan 10)
    - NIS2k Bacano (Jan 11)
    - Password issue in Axent ESM 5.0.1 Console Todd (Jan 12)
    - Re: Password issue in Axent ESM 5.0.1 Console Scott Blake (Jan 14)
    - Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Ussr Labs (Jan 13)

(Thread continues...)