Security Update: [CSSA-2002-SCO.18] Open UNIX 8.0.0 UnixWare 7.1.1 : CDE /var/dt and subdirectories are writable by world

[security () caldera com]

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

______________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Open UNIX 8.0.0 UnixWare 7.1.1 : CDE /var/dt and subdirectories are writable by world
Advisory number:        CSSA-2002-SCO.18
Issue date:             2002 May 08
Cross reference:
______________________________________________________________________________


1. Problem Description

         The dt/config/Xsession.d/0030.dttmpdir script was creating
         the following dt directories with 0777 perms:

                /var/dt/
                /var/dt/appconfig
                /var/dt/appconfig/appmanager
                /var/dt/tmp

         In addition, libDtLogin.so was checking the permissions of
         /var/dt. If found to be other than 0777, it was changing them
         back to 0777.

         This update fixes the above problems, and also changes the
         permissions of the offending directories on the system to
         close the vulnerability.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        Open UNIX 8.0.0                 /usr/dt/config/Xsession.d/0030.dttmpdir
                                        /usr/dt/lib/libDtLogin.so.1

        UnixWare 7.1.1                  /usr/dt/config/Xsession.d/0030.dttmpdir
                                        /usr/dt/lib/libDtLogin.so.1

3. Solution

        The proper solution is to install the latest packages.


4. Open UNIX 8.0.0

        4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.18


        4.2 Verification

        MD5 (erg711939.pkg.Z) = 513c98dedb5d2cff437e0e330e96d94e

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download erg711939.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg711939.pkg.Z
        # pkgadd -d /var/spool/pkg/erg711939.pkg


5. UnixWare 7.1.1

        5.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.18


        5.2 Verification

        MD5 (erg711939.pkg.Z) = 513c98dedb5d2cff437e0e330e96d94e

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download erg711939.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg711939.pkg.Z
        # pkgadd -d /var/spool/pkg/erg711939.pkg


6. References

        Specific references for this advisory:
                none

        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr858543, fz519804
        and erg711939.


7. Disclaimer

        Caldera International, Inc. is not responsible for the
        misuse of any of the information we provide on this website
        and/or through our security advisories. Our advisories are
        a service to our customers intended to promote secure
        installation and use of Caldera products.


8. Acknowledgements

        Caldera wishes to thank jGgM (jggm () mail com) for discovering
        and researching this vulnerability.

______________________________________________________________________________