Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow
From: security () caldera com
Date: Mon, 11 Mar 2002 16:12:20 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: dlvr_audit: exploitable buffer overflow
Advisory number:        CSSA-2002-SCO.8
Issue date:             2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description
        
        The dlvr_audit command has an exploitable buffer overflow that
        can be used by a malicious user to become root.


2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              5.0.5, 5.0.6    /etc/auth/dlvr_audit

        This has already been fixed in OpenServer 5.0.6a.

3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp:ftp.caldera.com/pub/openserver5/oss645a


  4.2 Verification

        MD5 (oss645a) = ebfbb4d2931fb83e8ccc2390868bb11f

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        ***************
        IMPORTANT NOTE:
        
        You MUST first install "SLS OSS640A: BIND Update" before
        attempting to install this SLS.  SLS OSS640A installs files
        that are necessary for OSS645A (this SLS) to function
        properly.

        ***************

        1. Download the OSS645A media image file
           (ftp.caldera.com/pub/openserver5/oss645a), place the file
           in the /tmp directory and rename the file by typing these
           commands:

              mv /tmp/oss645a /tmp/VOL.000.000

        2. Run the Software Manager with the command:

              # scoadmin software

           or double-click on the Software Manager icon in the
           desktop.

        3. Pull down the "Software" menu and select "Install New".

        4. When prompted for the host from which to install, choose
           the local machine and then "Continue".

        5. In the "Select Media" menu, pull down the "Media Device"
           menu.  Select "Media Images", then choose "Continue".

        6. When prompted for the "Image Directory", enter "/tmp" (or
           the directory where you placed the VOL file in step 1) and
           choose "OK".

        7. When prompted to select software to install, make sure that
           the "OSS645A: Audit Subsystem Security Supplement" entry is
           highlighted.  Choose "Install".

        8. Installation of SLS OSS645A is now complete.  To exit the
           Software Manager, select "Exit" from the "Host" menu.


5. References

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        erg377672, SCO-247-295.


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        This vulnerability was discovered and researched by Tomasz
        Kusmeirz.
         
___________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow security (Mar 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault