Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-SCO.6]
From: security () caldera com
Date: Thu, 21 Feb 2002 14:05:25 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open UNIX, UnixWare 7: webtop setuid script vulnerability
Advisory number:        CSSA-2002-SCO.6
Issue date:             2002 February 21
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        The setuid scripts in the webtop product may be used to gain
        root privileges.


2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare 7              7.1.1           /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi
                                                /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi
        Open UNIX               8.0.0           /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi
                                                /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi

3. Workaround

        If the webtop functionality is not needed, remove the setuid
        permissions from the scripts:

        # chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi
        # chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/


  4.2 Verification

        MD5 (erg711951b.Z) = 53a0eb6dfe4bc1b1d8361ef1c5b488a6

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download erg711951b.Z to the /tmp directory

        # uncompress /tmp/erg711951b.Z
        # pkgadd -d /tmp/erg711951b


5. References

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This  advisory addresses Caldera Security  internal  incidents
        sr859215, fz519942, erg711951.


6. Disclaimer

        Caldera International, Inc. is not responsible for  the misuse
        of  any of  the  information we provide on our  website and/or
        through our security advisories.  Our advisories are a service
        to our  customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Caldera   would    like   to   thank   jggm   JeGalGhongMyeung
        <jggm () mail com>  for  the  discovery  and  research   of  this
        vulnerability.
                       
         
___________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-SCO.6] security (Feb 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault