Date: Thu, 6 Mar 2003 13:19:46 -0800
From: security@sco.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2003-009.0] Linux: slocate command line buffer overflows
--5oH/S/bF6lOfqCQb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: slocate command line buffer overflows
Advisory number: CSSA-2003-009.0
Issue date: 2003 March 06
Cross reference:
______________________________________________________________________________
1. Problem Description
The slocate command suffers from two command line buffer
overflows.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1.1 Workstation prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1 Server prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1 Workstation prior to slocate-2.6-3.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/RPMS
4.2 Packages
d357c2ee6bd94601dc6be091ddf8082e slocate-2.6-3.i386.rpm
4.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/SRPMS
4.5 Source Packages
7125d9ef9ec4c3285112fbfabf239a5f slocate-2.6-3.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-009.0/RPMS
5.2 Packages
685e16e765ceaed906a59e65860848b2 slocate-2.6-3.i386.rpm
5.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-009.0/SRPMS
5.5 Source Packages
4f513aebf7046701c41eee72f8e15c2a slocate-2.6-3.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/RPMS
6.2 Packages
ce609a2df9f795106913c60a86c30427 slocate-2.6-3.i386.rpm
6.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/SRPMS
6.5 Source Packages
6e0da763e91bf91362d2521ef471c457 slocate-2.6-3.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/RPMS
7.2 Packages
239f88e2ba4d1db53cd49e8ab5d22b28 slocate-2.6-3.i386.rpm
7.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/SRPMS
7.5 Source Packages
1bd5b95650c530fbe48d58d7bdc2dd8d slocate-2.6-3.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr873878, fz527219,
erg712211, erg712226.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
Knight420 and Gregory Duchemin <c3rb3r@hotmail.com> discovered
and investigated these vulnerabilities.
______________________________________________________________________________
--5oH/S/bF6lOfqCQb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj5nu3EACgkQbluZssSXDTFM1wCgq6e7HEebFjgs4QG4bPpdBmJT
w+0AoLe8BM9294FpiG4C6We0rBttzY6Y
=cie7
-----END PGP SIGNATURE-----
--5oH/S/bF6lOfqCQb--
