Date: Tue, 28 Aug 2001 10:14:23 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.15] Open Unix: lpsystem buffer overflow
--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: [email protected][email protected] an=
[email protected]=20
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open Unix: lpsystem buffer overflow
Advisory number: CSSA-2001-SCO.15
Issue date: 2001 August 28
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
A long argument to /usr/sbin/lpsystem can cause lpsystem to
have a segmentation violation. This might be used by an
unauthorized user to gain privilege.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
Open Unix 8.0.0 /usr/sbin/lpsystem
3. Workaround
None.
4. Open Unix
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openunix/sr847408/
4.2 Verification
md5 checksums:
f2048bf92f7a55e13d2c3fb1ae8670d4 erg711789a.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711789a.Z
# pkgadd -d /tmp/erg711789a
5. References
http://www.calderasystems.com/support/security/
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7.Acknowledgements
Caldera International wishes to thank KF <[email protected]>
for discovering and reporting this problem.
=20
___________________________________________________________________________
--J/dobhs11T7y2rNN
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjuL0W8ACgkQaqoBO7ipriFANgCfRiT8g+hsU4X7Xzb4CTInPsPg
/SgAnj5MqzU3C2SxzykMzia9v2RAv3+6
=yjHZ
-----END PGP SIGNATURE-----
--J/dobhs11T7y2rNN--