Date: Mon, 11 Mar 2002 16:12:20 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow
--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer: dlvr_audit: exploitable buffer overflow
Advisory number: CSSA-2002-SCO.8
Issue date: 2002 March 11
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
The dlvr_audit command has an exploitable buffer overflow that
can be used by a malicious user to become root.
2. Vulnerable Supported Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer 5.0.5, 5.0.6 /etc/auth/dlvr_audit
This has already been fixed in OpenServer 5.0.6a.
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp:ftp.caldera.com/pub/openserver5/oss645a
4.2 Verification
MD5 (oss645a) =3D ebfbb4d2931fb83e8ccc2390868bb11f
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
***************
IMPORTANT NOTE:
=09
You MUST first install "SLS OSS640A: BIND Update" before
attempting to install this SLS. SLS OSS640A installs files
that are necessary for OSS645A (this SLS) to function
properly.
***************
1. Download the OSS645A media image file
(ftp.caldera.com/pub/openserver5/oss645a), place the file
in the /tmp directory and rename the file by typing these
commands:
mv /tmp/oss645a /tmp/VOL.000.000
2. Run the Software Manager with the command:
# scoadmin software
or double-click on the Software Manager icon in the
desktop.
3. Pull down the "Software" menu and select "Install New".
4. When prompted for the host from which to install, choose
the local machine and then "Continue".
5. In the "Select Media" menu, pull down the "Media Device"
menu. Select "Media Images", then choose "Continue".
6. When prompted for the "Image Directory", enter "/tmp" (or
the directory where you placed the VOL file in step 1) and
choose "OK".
7. When prompted to select software to install, make sure that
the "OSS645A: Audit Subsystem Security Supplement" entry is
highlighted. Choose "Install".
8. Installation of SLS OSS645A is now complete. To exit the
Software Manager, select "Exit" from the "Host" menu.
5. References
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
erg377672, SCO-247-295.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
This vulnerability was discovered and researched by Tomasz
Kusmeirz.
=20
___________________________________________________________________________
--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjyNR+QACgkQaqoBO7ipriGa+QCbBp2mKI3WCn/roelvAcZOPwGw
980An2GvxcoY53LUMBENVrwMYXs881AD
=9urV
-----END PGP SIGNATURE-----
--W/nzBZO5zC0uMSeA--
