Bugtraq mailing list archives
Security Update: [CSSA-2001-SCO.3] UnixWare - cron buffer overflow
From: sco-security () caldera com
Date: Wed, 27 Jun 2001 16:06:20 -0700
To: bugtraq () securityfocus com security-announce () lists securityportal com
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: UnixWare - cron buffer overflow
Advisory number: CSSA-2001-SCO.3
Issue date: 2001 June, 27
Cross reference:
___________________________________________________________________________
1. Problem Description
The cron command is vulnerable to a command line argument
buffer overflow. This could allow a process to execute
arbitrary code, allowing a malicious user to gain elevated
privileges.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/bin/crontab
3. Workaround
None.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/unixware/sr847406/
4.2 Verification
md5 checksums:
2f00acf514126ad9e8bced6ceb7bb66e erg711714a.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711714a.Z
# pkgadd -d /tmp/erg711714a
5. References
http://www.calderasystems.com/support/security/index.html
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International, Inc. products.
___________________________________________________________________________
Attachment:
_bin
Description:
Current thread:
- Security Update: [CSSA-2001-SCO.3] UnixWare - cron buffer overflow sco-security (Jun 28)