Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Tue, 26 Jun 2001 16:49:02 -0700
From: [email protected]
To: [email protected], [email protected]
Subject: Security Update: [CSSA-2001-SCO.2] UnixWare - su buffer overflow

--TmwHKJoIRFM7Mu/A
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected]


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		UnixWare - su buffer overflow
Advisory number: 	CSSA-2001-SCO.2
Issue date: 		2001 June, 26
Cross reference:
___________________________________________________________________________



1. Problem Description

	The su command is vulnerable to a command line argument buffer
	overflow. This could allow a process to execute arbitrary
	code, allowing a malicious user to gain elevated privileges.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/sbin/su
						/usr/bin/su
						/usr/lib/libiaf.a
						/usr/lib/libiaf.so

3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/unixware/sr847407/


  4.2 Verification

	md5 checksums:
=09
	ec9c4201d83b8031063ff03bd325e200	erg711713a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/md5


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711713a.Z
	# pkgadd -d /tmp/erg711713a


5. References

	http://www.calderasystems.com/support/security/index.html


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International, Inc. products.

___________________________________________________________________________

--TmwHKJoIRFM7Mu/A
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjs5H24ACgkQaqoBO7ipriFj/ACgh4fBanNvAER1eT/qym8dzQu/
kMQAnjQQ7lVfmRDjiVm1d6jRnnRxS553
=34dQ
-----END PGP SIGNATURE-----

--TmwHKJoIRFM7Mu/A--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: