Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Security Update: [CSSA-2001-SCO.8] OpenServer: /etc/popper buffer overflow

From: sco-security () caldera com
Date: Thu, 26 Jul 2001 10:48:07 -0700

To: announce () lists caldera com bugtraq () securityfocus com security-announce () lists securityportal com 


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: /etc/popper buffer overflow
Advisory number:        CSSA-2001-SCO.8
Issue date:             2001 July 26
Cross reference:
___________________________________________________________________________



1. Problem Description
        
        The popper daemon /etc/popper was subject to a buffer overflow
        that could be used by a malicious user.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       /etc/popper


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/openserver/sr848324/


  4.2 Verification

        md5 checksums:
        
        8795253219fbcbba3027f0c37f6a884e        popper.Z


        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/popper.Z
        # mv /etc/popper /etc/popper.old
        # cp /tmp/popper /etc
        # chown bin /etc/popper
        # chgrp bin /etc/popper
        # chmod 755 /etc/popper


5. References

        http://www.calderasystems.com/support/security/index.html


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7.Acknowledgements

        Caldera International wishes to thank Gustavo Viscaino for
        originally finding the problem, Michael Brennen
        <mbrennen () fni com> for forwarding the problem report from the
        qpopper list, and the folks at Qualcomm for fixing the
        problem.
         
___________________________________________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: