Date: Mon, 15 Oct 2001 11:06:58 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.26] dtterm argument buffer overflow
--gKMricLos+KVdGMg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: [email protected][email protected] an=
[email protected][email protected]=20
Do not reply to this mail. This security advisory is being sent from a
nonexistent address in order to avoid spam problems. Caldera's
contact address for UNIX security issues is [email protected].
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX 8, UnixWare 7: dtterm argument buffer overflow
Advisory number: CSSA-2001-SCO.26
Issue date: 2001 October 15
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
Very long arguments to the dtterm command cause an argument
buffer overflow. This could be used by an unauthorized user
to gain privilege.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/dt/lib/libDtTerm.so
/usr/dt/lib/libDtTerm.so.1
=09
Open UNIX 8.0.0 /usr/dt/lib/libDtTerm.so
/usr/dt/lib/libDtTerm.so.1
3. Workaround
None.
4. Open UNIX 8, UnixWare 7
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.26/
4.2 Verification
md5 checksums:
=09
30167e121f4d7e0bf0bf06e60cb3a340 erg711857.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# scologin stop
# uncompress /tmp/erg711857.Z
# pkgadd -d /tmp/erg711857
# scologin start
5. References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr853007, fz518986 and erg711857.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
Caldera International wishes to thank Aycan Irican
<[email protected]> for discovering and reporting this
problem.
=20
___________________________________________________________________________
--gKMricLos+KVdGMg
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjvLJcIACgkQaqoBO7ipriE/fQCfecwE59+Vaj44s+52op1tjwG/
GtQAoICPUO+iFm5Q2polfES4p/s1yNGj
=TNsM
-----END PGP SIGNATURE-----
--gKMricLos+KVdGMg--
