Date: Mon, 20 May 2002 17:55:25 -0700
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.19] OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflow
--vkogqOf2sHV7VnPd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflow
Advisory number: CSSA-2002-SCO.19
Issue date: 2002 May 20
Cross reference:
______________________________________________________________________________
1. Problem Description
A buffer overflow vulnerability has been discovered in
/etc/yppasswdd which may be exploited by a local or a remote
attacker to gain root access on the NIS master server system.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 /etc/yppasswdd
OpenServer 5.0.6 /etc/yppasswdd
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.5
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.19
4.2 Verification
MD5 (VOL.000.000) = d683b9007da3efc51a9f6f9db7270ec2
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
5. OpenServer 5.0.6
5.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.19
5.2 Verification
MD5 (VOL.000.000) = d683b9007da3efc51a9f6f9db7270ec2
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
6. References
Specific references for this advisory:
http://www.kb.cert.org/vuls/id/327281
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr854485,
SCO-559-1316, and erg711875 .
7. Disclaimer
Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.
______________________________________________________________________________
--vkogqOf2sHV7VnPd
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjzpmv0ACgkQaqoBO7ipriF2lwCdGA74TJFZa4+vnP6/8D2hMii2
iFwAmwWChoZ2Arrpf+C4bCwz8cQR6Qov
=0qLQ
-----END PGP SIGNATURE-----
--vkogqOf2sHV7VnPd--
