The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 6 Nov 2001 13:29:29 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected] an=
[email protected] [email protected]

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: DCE SPC library buffer overflow
Advisory number: 	CSSA-2001-SCO.30
Issue date: 		2001 November 6
Cross reference:
___________________________________________________________________________


1. Problem Description
=09
	The DCE SPC library is vulnerable to a network buffer overflow
	attack. This bug manifests itself in dtspcd.
=09

2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/dt/lib/libDtSvc.so.1
	Open UNIX		8.0.0		/usr/dt/lib/libDtSvc.so.1


3. Workaround

	None.


4. UnixWare 7, Open UNIX 8

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/


  4.2 Verification

	md5 checksums:
=09
	8d5c98f761dd68aa108794d8ed5c70f1	erg711881.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711881.Z
	# pkgadd -d /tmp/erg711881


5. References

	CERT / ISS draft advisory VU#172583

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854831, fz519245, and erg711881=20


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers, intended to promote the secure installation
	and use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Chris
	Spencer of the ISS X-Force.

	=20
___________________________________________________________________________

--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvoVjkACgkQaqoBO7ipriHGfQCfUrWPMxGOx4d/vmlnJcph8U7j
xIcAn1sZxuJjF8bKpabBsaNVMFHgCua9
=LzIm
-----END PGP SIGNATURE-----

--BOKacYhQ+x31HxR3--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру