[12750] in bugtraq
SCO su patches
daemon@ATHENA.MIT.EDU (Alfred Huger)
Sun Nov 28 12:48:11 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9911280848280.13692-100000@www.securityfocus.com>
Date: Sun, 28 Nov 1999 08:48:48 -0800
Reply-To: Alfred Huger <ah@SECURITYFOCUS.COM>
From: Alfred Huger <ah@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
===========================================================================
SCO Security Bulletin 99.19
17th-November-1999
su Security Patch
---------------------------------------------------------------------------
I. Description
Several security holes were found in the "su" program along with
the iaf library.
II. Impact
Without these patches, unauthorized users may gain privileges.
III. Releases
This SSE contains binaries for:
UnixWare 2.1.3
UnixWare 7.0.0 through 7.1.1
IV. Solution
SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.
SSE039 contains replacement binaries for each system type, and is
available for Internet download via anonymous ftp, and from the SCOFORUM
on Compuserve.
You can download the SSE package as follows:
Anonymous ftp (World Wide Web URL):
ftp://ftp.sco.COM/SSE/sse039.ltr (cover letter, ASCII text)
ftp://ftp.sco.COM/SSE/sse039.tar.Z (new binaries, compressed tar
file)
Compuserve:
GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these
filenames:
SSE039.LTR (cover letter, ASCII text)
SSE039.TAZ (new binaries, compressed tar file)
Checksums (sum -r):
01787 3 sse039.ltr
53627 555 sse039.tar.Z
V. Updates
This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB-99.19a, and will be
updated as new information becomes available.
The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/
VI. Further Information:
If you have further questions, contact your support provider. If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows.
USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)
Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
------------------------------------------------ Time (PST/PDT)
1-408-425-4726 (voice)
1-408-427-5443 (fax)
Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)
