Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2001-SCO.2] UnixWare - su buffer overflow
From: sco-security () caldera com
Date: Tue, 26 Jun 2001 16:49:02 -0700

To: bugtraq () securityfocus com security-announce () lists securityportal com


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                UnixWare - su buffer overflow
Advisory number:        CSSA-2001-SCO.2
Issue date:             2001 June, 26
Cross reference:
___________________________________________________________________________



1. Problem Description

        The su command is vulnerable to a command line argument buffer
        overflow. This could allow a process to execute arbitrary
        code, allowing a malicious user to gain elevated privileges.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare 7              All             /sbin/su
                                                /usr/bin/su
                                                /usr/lib/libiaf.a
                                                /usr/lib/libiaf.so

3. Workaround

        None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/unixware/sr847407/


  4.2 Verification

        md5 checksums:
        
        ec9c4201d83b8031063ff03bd325e200        erg711713a.Z


        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/md5


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/erg711713a.Z
        # pkgadd -d /tmp/erg711713a


5. References

        http://www.calderasystems.com/support/security/index.html


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International, Inc. products.

___________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2001-SCO.2] UnixWare - su buffer overflow sco-security (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]