Date: Wed, 5 Dec 2001 16:47:25 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2001-SCO.37] Open UNIX, UnixWare 7: xterms in saved CDE sessions
--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: xterms in saved CDE sessions
Advisory number: CSSA-2001-SCO.37
Issue date: 2001 December 5
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
In UnixWare 7.1.x and Open Unix 8.0.0, xterms saved in previous
desktop sessions can acquire privileges they should not have in
subsequent sessions.
In UnixWare 7.1.x, xterms saved in previous desktop sessions do
not honor the value of the LD_LIBRARY_PATH environment variable.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 7.1.x /usr/dt/bin/dtsession
Open UNIX 8.0.0 /usr/dt/bin/dtsession
3. Workaround
None.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.37/
4.2 Verification
md5 checksums:
=09
eb52ca9bcb98ada422002594e6654ff0 erg711820.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711820.Z
# pkgadd -d /tmp/erg711820
5. References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr848309, fz51679, and erg711820.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
___________________________________________________________________________
--C7zPtVaVf+AK4Oqc
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjwOwBwACgkQaqoBO7ipriGOFQCggFyqt2/9hBYv5Uzlpe2PU89z
KEEAninV9i55BMexl7oJxkgOX7G7uQoj
=7/Vo
-----END PGP SIGNATURE-----
--C7zPtVaVf+AK4Oqc--
