The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-SCO.21] OpenServer 5.0.5 OpenServer 5.0.6 : sort command creates temporary files insecurely


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 28 May 2002 16:05:40 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-SCO.21] OpenServer 5.0.5 OpenServer 5.0.6 : sort command creates temporary files insecurely

--z6Eq5LdranGa6ru8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: [email protected] [email protected] [email protected]

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 : sort command creates temporary files insecurely
Advisory number: 	CSSA-2002-SCO.21
Issue date: 		2002 May 28
Cross reference:
______________________________________________________________________________


1. Problem Description

	The sort command creates and uses temporary files insecurely.
	Names can be predicted, and spoofed with symbolic links.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.5		/bin/sort
	OpenServer 5.0.6		/bin/sort


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.21


	4.2 Verification

	MD5 (VOL.000.000) = ebaac320d491aae20385b0c54af794fb

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. OpenServer 5.0.6

	5.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.21


	5.2 Verification

	MD5 (VOL.000.000) = ebaac320d491aae20385b0c54af794fb

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


6. References

	Specific references for this advisory:
		none

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr848813,
	SCO-1-238, erg711767 .


7. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.

______________________________________________________________________________

--z6Eq5LdranGa6ru8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjz0DUQACgkQaqoBO7ipriGzeACeLTEqdz3KhQa1RPtWzs3tzD+J
TOwAnidDF5vA/izv5kaVd30D+F5ZtviT
=M+fA
-----END PGP SIGNATURE-----

--z6Eq5LdranGa6ru8--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру