Date: Thu, 23 May 2002 16:53:09 -0700
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.20] OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and denial-of-service
--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca=20
___________________________________________________________________________=
___
Caldera International, Inc. Security Advisory
Subject: OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and de=
nial-of-service
Advisory number: CSSA-2002-SCO.20
Issue date: 2002 May 22
Cross reference:
___________________________________________________________________________=
___
1. Problem Description
/etc/popper will go into a loop if a character string of
length 2048 (or more) is sent to it.
If the bulldir variable in the user's config file is longer
than 256 characters, popper will memory fault.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.5 /etc/popper
OpenServer 5.0.6 /etc/popper
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.5
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20
4.2 Verification
MD5 (VOL.000.000) =3D f2746cddde194cb93e5ad1b41637a75c
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
5. OpenServer 5.0.6
5.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.20
5.2 Verification
MD5 (VOL.000.000) =3D f2746cddde194cb93e5ad1b41637a75c
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
6. References
Specific references for this advisory:
none
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr863699, fz520822,
erg712033.
7. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.
8. Acknowledgements
Marcell Fodor reported the memory fault issue. Dustin Childers
reported the denial-of-service issue.
___________________________________________________________________________=
___
--vtzGhvizbBRQ85DL
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjztgOUACgkQaqoBO7ipriHx6QCeLLISHGd8HZPzRT91hq08w+z4
sWEAnAtoTHoKWEA8AGBnmfDiS6WlCYr0
=aNkz
-----END PGP SIGNATURE-----
--vtzGhvizbBRQ85DL--
