Date: Tue, 4 Dec 2001 12:37:51 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: REVISION: Security Update: [CSSA-2001-SCO.24.1] OpenServer: shell here-documents allow various security breaches
--n8g4imXOkfNTN/H1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: REVISION: OpenServer: shell here-documents allow various security=
breaches
Advisory number: CSSA-2001-SCO.24.1
Issue date: 2001 December 4
Cross reference: CSSA-2001-SCO.24
___________________________________________________________________________
1. Problem Description
=09
*************************************************************
The original binaries supplied to fix this vulnerability were
flawed, exhibiting a variety of unusual behaviors. If you have
already applied CSSA-2001-SCO.24, Caldera recommends that you
immediately apply this new version, CSSA-2001-SCO.24.1.
*************************************************************=09
Shell here-document processing is vulnerable to a variety of
security attacks.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <=3D 5.0.6a /bin/sh
/sbin/sh
/bin/csh
/bin/ksh
/usr/bin/euc/ksh
/usr/lib/scosh/utilbin/oash
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24.1/
4.2 Verification
md5 checksums:
=09
05a3f8b4a00f806f919d0dd723d2b2db shells.tar.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/shells.tar.Z
# for i in /bin/csh /bin/ksh /bin/sh /sbin/sh /usr/bin/euc/ksh /usr/lib/sc=
osh/utilbin/oash
> do
> mv $i ${i}-
> done
# cd /
# tar xvf /tmp/shells.tar
5. References
http://www.kb.cert.org/vuls/id/10277
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr847825, erg711733.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
The original discoverer of this vulnerability was Gordon Irlam
of the Univeristy of Adelaide, Australia.
=20
___________________________________________________________________________
--n8g4imXOkfNTN/H1
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjwNNB8ACgkQaqoBO7ipriEA7QCfbyIE22dIDY1wTL1N8QIVwPNG
jC8An3SfByzOlCgOBiNXTMAR9QAQb+TU
=zgNe
-----END PGP SIGNATURE-----
--n8g4imXOkfNTN/H1--
