Date: Fri, 14 Dec 2001 11:38:14 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2001-SCO.40] OpenServer: /bin/login and /etc/getty argument buffer overflow
--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca=20
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer: /bin/login and /etc/getty argument buffer overflow
Advisory number: CSSA-2001-SCO.40
Issue date: 2001 December 14
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
A remotely exploitable buffer overflow exists in /bin/login
and /etc/getty. Attackers can exploit this vulnerability to
gain root access to the server.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <=3D 5.0.6a /bin/login
/etc/getty
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/
erg711877.506.tar.Z is the patch for SCO OpenServer Release
5.0.6, with or without Release Supplement 5.0.6a (rs506a).
Note that other security issues are corrected by rs506a; we
strongly recommend installing it on all 5.0.6 systems.
erg711877.505.tar.Z is the patch for SCO OpenServer Release
5.0.5 and earlier. Although it should work with all releases
5.0.0 through 5.0.5, it has not yet been tested on every
release.
4.2 Verification
md5 checksums:
e1748ebb4710796620c15017e52eecc0 erg711877.505.tar.Z
627a41d22040872f967cb5387c7e629c erg711877.506.tar.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
For 5.0.6 and 5.0.6a:
Download erg711877.506.tar.Z to the /tmp directory
=09
# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.506.tar.Z
# cd /
# tar xvf /tmp/erg711877.506.tar
For pre-5.0.6:
Download erg711877.505.tar.Z to the /tmp directory
=09
# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.505.tar.Z
# cd /
# tar xvf /tmp/erg711877.505.tar
5. References
http://www.cert.org/advisories/CA-2001-34.htmlhttp://www.kb.cert.org/vuls/id/569272http://xforce.iss.net/alerts/advise105.php
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr854610, SCO-559-1318, erg711877.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
This vulnerability was discovered and researched by Mark Dowd
of the ISS X-Force.
=20
___________________________________________________________________________
--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjwaVSYACgkQaqoBO7ipriEksgCffXF/xjykEIN4/FRuUzlSkOt7
CfkAnRDP4wEG0ytwumXNls/b0A0QqpEN
=QB5Z
-----END PGP SIGNATURE-----
--XsQoSWH+UP9D9v3l--
