Date: Thu, 24 Jan 2002 15:59:49 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: [email protected][email protected] scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: sort creates temporary files insecurely
Advisory number: CSSA-2002-SCO.2
Issue date: 2002 January 24
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
The sort command created temporary files in an insecure
manner. This could be used by an unauthorized user to gain
privilege.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 7.1.* /usr/bin/sort
Open UNIX 8.0.0 /usr/bin/sort
3. Workaround
None.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/
4.2 Verification
MD5 (erg711766.Z) =3D 7e640423400147d3c1c905c1ad0cfe23
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download erg711766.Z to the /tmp directory
# uncompress /tmp/erg711766.Z
# pkgadd -d /tmp/erg711766
5. References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr848816, fz518198, erg711766.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
=20
___________________________________________________________________________
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjxQn/UACgkQaqoBO7ipriF0EACgmocq4OGdRbB5K7wN3aIGH8Xw
9VYAoKcdMjjk5tOx6/cgJFEit6S+ydrR
=Gg0P
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--
