The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2001-SCO.10]: OpenServer: /etc/telnetd buffer overflow


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 9 Aug 2001 11:23:05 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2001-SCO.10]: OpenServer: /etc/telnetd buffer overflow

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii

To: [email protected] [email protected] [email protected]

Resending because of previous mail problems


--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="CSSA.10"

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer 5.0.5, 5.0.6: telnetd buffer overflow
Advisory number:        CSSA-2001-SCO.10
Issue date:             2001 August 7
Cross reference:
___________________________________________________________________________



1. Problem Description
        
        The telnet daemon /etc/telnetd is subject to a buffer
        overflow problem that could be used by a malicious user to
        gain unauthorized access to a system.


2. Vulnerable Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer 5            All             /etc/telnetd

3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/openserver/sr849876/


  4.2 Verification

        md5 checksums:
        
        a3fead5326b361cc9a94f0376fdf0f10        telnetd.Z
        5e7d80c80b1ac2fcde9fc227f6793881        libresolv.so.1.Z
        a5b4e98ace9c64b2129ca53688a98650        libsocket.so.2.Z


        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Save the erg711793a.Z compressed tar archive into /tmp, and
        install/upgrade the affected binaries with the following commands:

        # cd /tmp
        # uncompress erg711793a.Z
        # tar xvf erg711793a
        # uncompress telnetd
        # mv /etc/telnetd /etc/telnetd.old
        # cp telnetd /etc
        # chown bin:bin /etc/telnetd
        # chmod 711 /etc/telnetd

        In addition, on any pre-5.0.6 system, or on any 5.0.6 system 
        without rs506a, execute the following commands:

        # uncompress libsocket.so.2
        # uncompress libresolv.so.1
        # cp libresolv.so.1 /usr/lib
        # cp libsocket.so.2 /usr/lib
        # chown bin:bin /usr/lib/libresolv.so.1
        # chown bin:bin /usr/lib/libsocket.so.2
        # chmod 555 /usr/lib/libresolv.so.1
        # chmod 555 /usr/lib/libsocket.so.2


5. References

        http://www.calderasystems.com/support/security/index.html


6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.


7.Acknowledgements

        Caldera International would like to thank Sebastian
        <[email protected]> for his posting on bugtraq, and KF
        <[email protected]> for reporting the problem to us.
         
___________________________________________________________________________

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="CSSA.10.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEABECAAYFAjtyxhUACgkQaqoBO7ipriE8cACfSMfN2Nu68VJHFEzMYHC/36fX
xJwAniuMAI7wiV2zfjIjNNUT/sB37++4
=2GNr
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру