The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2001-SCO.38] OpenServer: lpstat buffer overflow


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Fri, 7 Dec 2001 10:31:02 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.38] OpenServer: lpstat buffer overflow

--VrqPEDrXMn8OVzN4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: [email protected] [email protected] scoannmod@xenitec.=
on.ca


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: lpstat buffer overflow
Advisory number: 	CSSA-2001-SCO.38
Issue date: 		2001 December 7
Cross reference:	sse072
___________________________________________________________________________


1. Problem Description
=09
	Even with sse072, lpstat has a buffer overflow. This could be
	used by a malicious user to gain privileges.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<=3D 5.0.6a	/usr/bin/lpstat


3. Workaround

	If the lpstat command is not required, remove the setgid bit
	from the binary:

		chmod g-s /usr/bin/lpstat


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.38/


  4.2 Verification

	md5 checksums:
=09
	2deab6d340bb3790104fa0cb8ae36e6c	erg711871.pkg.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711871.pkg.Z
	# pkgadd -d /tmp/erg711871.pkg


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854294, SCO-559-1315, erg711871.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.

___________________________________________________________________________

--VrqPEDrXMn8OVzN4
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwRCuUACgkQaqoBO7ipriGyQQCeN8d03pNqPP9sh8N3wYUVX7Av
5QgAmwe0z9pgKZSsLTeAkd5KFjw7gxVi
=0uQK
-----END PGP SIGNATURE-----

--VrqPEDrXMn8OVzN4--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру