Date: Mon, 12 Nov 2001 17:17:30 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities
--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: buffer overflow in ppp utilities
Advisory number: CSSA-2001-SCO.32
Issue date: 2001 November 12
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
There is a buffer overflow in several of the ppp utilities that
are linked to /usr/bin/pppattach. This could be used by an
unauthorized user to gain privilege.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 7.1.0, 7.1.1 /usr/bin/pppattach
Open UNIX 8.0.0 /usr/bin/pppattach
3. Workaround
If you do not use ppp, remove the execute and/or setuid
permissions from /usr/bin/pppattach.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/
4.2 Verification
md5 checksums:
=09
24cf948a3691be14398dcd63d2f8eafb erg711869b.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711869b.Z
# pkgadd -d /tmp/erg711869b
5. References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr854234, fz519119 and erg711869.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
=20
___________________________________________________________________________
--dDRMvlgZJXvWKvBx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjvwdKkACgkQaqoBO7ipriEL4ACgouVaVKYDfHlS9HAeaFx9YusT
iTgAoIFqpdMwRNRIf/tVOV7fewZhgKxi
=3S7V
-----END PGP SIGNATURE-----
--dDRMvlgZJXvWKvBx--
