Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2001-SCO.15] Open Unix: lpsystem buffer overflow

From: sco-security () caldera com
Date: Tue, 28 Aug 2001 10:14:23 -0700
To: bugtraq () securityfocus com security-announce () lists securityportal com announce () lists caldera com 

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open Unix: lpsystem buffer overflow
Advisory number:        CSSA-2001-SCO.15
Issue date:             2001 August 28
Cross reference:
___________________________________________________________________________



1. Problem Description
        
        A long argument to /usr/sbin/lpsystem can cause lpsystem to
        have a segmentation violation. This might be used by an
        unauthorized user to gain privilege.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        Open Unix               8.0.0           /usr/sbin/lpsystem


3. Workaround

        None.


4. Open Unix

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/openunix/sr847408/


  4.2 Verification

        md5 checksums:

        f2048bf92f7a55e13d2c3fb1ae8670d4        erg711789a.Z


        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/erg711789a.Z
        # pkgadd -d /tmp/erg711789a


5. References

        http://www.calderasystems.com/support/security/


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7.Acknowledgements

        Caldera International wishes to thank KF <dotslash () snosoft com>
        for discovering and reporting this problem.
         
___________________________________________________________________________

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: