Home page logo
/

bugtraq logo Bugtraq mailing list archives

Caldera Systems security advisory: libcurses, atcronsh, rtpm
From: Andrew Sharpe <asharpe () sco COM>
Date: Fri, 22 Jun 2001 10:41:21 -0700


___________________________________________________________________________

                   Caldera Systems, Inc.  Security Advisory

Subject:                curses library, rtpm, atcronsh
Advisory number:        CSSA-2001-SCO.1
Issue date:             2001 June, 22
Cross reference:
_____________________________________________________________________________



1. Problem Description

        A buffer overrun vulnerability has been found in the curses
        library. A malicious user could attack a set{uid,gid} command
        that uses this library to gain privileges.

        One such command that is shipped with OpenServer is
        /usr/lib/sysadm/atcronsh.

        One such command that is shipped with UnixWare 7 is
        /usr/sbin/rtpm.

        In addition, the curses library is shipped only as a static
        library, so an application would need to be re-linked with
        this new library to take advantage of the fix.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ----------------------------------------------------------------
        UnixWare 7              All             /usr/sbin/rtpm
                                                /usr/ccs/lib/libcurses.a

        OpenServer              <= 5.0.6a       /usr/lib/sysadm/atcronsh
                                                /usr/lib/libcurses.a

3. Workaround

        For rtpm:
                # chmod g-s /usr/sbin/rtpm

        For atcronsh:
                # chmod g-s /usr/lib/sysadm/atcronsh
                
        Otherwise, none.


4. UnixWare 7

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/unixware/sr848806/


  4.2 Verification

        md5 checksums:
        
        ae2bc5b813dad2c729fb3593b59fd62a        libcurses.a.Z
        990d9216ed368f2939596104c60bd27b        rtpm.Z


        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Backup the existing /usr/ccs/lib/libcurses.a, and replace it
        with the provided libcurses.a binary. Ensure that the new
        libcurses.a has bin/bin/0444 permissions.

        Backup the existing /usr/sbin/rtpm and replace it with the
        provided rtpm binary. Ensure that the new rtpm has
        bin/sys/02555 permissions.


5. OpenServer

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/openserver/sr848771/

        libcurses.a is not yet available; expect it within a week of
        this advisory.


  4.2 Verification

        md5 checksums:
        
        bf1ce0570284a1e12256ebac0174f6d4        atcronsh.Z

        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Backup the existing /usr/lib/sysadm/atcronsh and replace it
        with the provided atcronsh binary. Ensure that the new
        atcronsh has bin/cron/02111 permissions.

        Backup the existing /usr/lib/libcurses.a, and replace it
        with the provided libcurses.a binary. Ensure that the new
        libcurses.a has bin/bin/0644 permissions.


6. References

        Caldera security resources are located at the following url:

        http://www.calderasystems.com/support/security/index.html


7. Disclaimer

        Caldera Systems, Inc. is not responsible for the misuse of any
        of the information we provide on this website and/or through
        our security advisories. Our advisories are a service to our
        customers intended to promote secure installation and use of
        Caldera OpenLinux.


8. Acknowledgements

        Caldera wishes to thank Aycan Irican <aycan () mars prosoft com tr>
        for spotting the UnixWare problem.

        Caldera wishes to thank KF <dotslash () snosoft com> for spotting
        the OpenServer problem.
        

_____________________________________________________________________________


Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Caldera Systems security advisory: libcurses, atcronsh, rtpm Andrew Sharpe (Jun 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]