[21234] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Security Update: [CSSA-2001-SCO.4] UnixWare: uucp utilities buffer overflows

daemon@ATHENA.MIT.EDU (sco-security@caldera.com)
Thu Jun 28 14:34:01 2001

Message-Id: <200106280052.f5S0qQC27953@ergo.uss.sco.com>
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com
From: sco-security@caldera.com
Date: Wed, 27 Jun 2001 17:52:26 -0700
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="tsOsTdHNUZQcU9Ye"
Content-Disposition: inline

--tsOsTdHNUZQcU9Ye
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		UnixWare - uucp utilities buffer overflows
Advisory number: 	CSSA-2001-SCO.4
Issue date: 		2001 June, 27
Cross reference:
___________________________________________________________________________



1. Problem Description

	The uucp utilities are vulnerable to command line argument
	buffer overflows. These could allow a process to execute
	arbitrary code, allowing a malicious user to gain elevated
	privileges.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/bin/uucp
						/usr/bin/uux
						/usr/lib/uucp/bnuconvert
						/usr/lib/uucp/uucico
						/usr/lib/uucp/uuxcmd
						/usr/lib/uucp/uuxqt


3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/unixware/sr847405/


  4.2 Verification

	md5 checksums:
=09
	e93266c02e2bd2f71b9675847fd9a7b5	erg711716a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711716a.Z
	# pkgadd -d /tmp/erg711716a


5. References

	http://www.calderasystems.com/support/security/index.html


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International, Inc. products.

___________________________________________________________________________

--tsOsTdHNUZQcU9Ye
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjs6f8oACgkQaqoBO7ipriEf4wCfUXY2KvpRIkde6eJFcXRj1O1v
0JAAnRW2cH0ey5mK8pzGomoQJcT+q3Q2
=oM2X
-----END PGP SIGNATURE-----

--tsOsTdHNUZQcU9Ye--


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21234] in bugtraq

Security Update: [CSSA-2001-SCO.4] UnixWare: uucp utilities buffer overflows

daemon@ATHENA.MIT.EDU (sco-security@caldera.com)Thu Jun 28 14:34:01 2001

daemon@ATHENA.MIT.EDU (sco-security@caldera.com)
Thu Jun 28 14:34:01 2001