Date: Thu, 11 Apr 2002 14:58:44 -0700
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
--VrqPEDrXMn8OVzN4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
Advisory number: CSSA-2002-SCO.15
Issue date: 2002 April 11
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a buffer overflow in the X11 library such that any
command linked with it that accepts the -xrm option will
core dump if a long string is used as the argument. Any
setuid setgid program that accepts the -xrm option is
vulnerable to attack.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
Open UNIX 8.0.0 basex
UnixWare 7.1.1 basex
3. Solution
The proper solution is to install the latest packages.
4. Open UNIX 8.0.0
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15
4.2 Verification
MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download basex.711b.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/basex.711b.pkg
5. UnixWare 7.1.1
5.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.15
5.2 Verification
MD5 (basex.711b.pkg) = 237963c02165609b41f33d6de50279c5
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download basex.711b.pkg to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/basex.711b.pkg
6. References
Specific references for this advisory:
none
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr858540, fz519799,
erg711938.
7. Disclaimer
Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.
______________________________________________________________________________
--VrqPEDrXMn8OVzN4
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjy2BxMACgkQaqoBO7ipriFtoQCgobtIuvkVc3mX7Do8V0/oGdpN
EN0An0GCYuAdCMlH6mv5mItO1g02Ab9q
=FkLI
-----END PGP SIGNATURE-----
--VrqPEDrXMn8OVzN4--
