[21311] in bugtraq
Security Update: [CSSA-2001-SCO.6] UnixWare: statd buffer overflow
daemon@ATHENA.MIT.EDU (sco-security@caldera.com)
Mon Jul 2 21:52:18 2001
Message-Id: <200107021849.f62InwM02019@ergo.uss.sco.com>
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com,
announce@lists.caldera.com
From: sco-security@caldera.com
Date: Mon, 2 Jul 2001 11:49:58 -0700
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: UnixWare: statd buffer overflow
Advisory number: CSSA-2001-SCO.6
Issue date: 2001 July 2
Cross reference:
___________________________________________________________________________
1. Problem Description
The nfs daemon /usr/lib/nfs/statd (otherwise known as
rpc.statd) was subject to a buffer overflow problem with the
SM_MON request that could be used by a malicious user to gain
unauthorized access to a system.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/lib/nfs/statd
3. Workaround
None.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/unixware/sr848098/
4.2 Verification
md5 checksums:
1e09711ec683f5f4e1626ef9d7131bd8 erg711747a.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711747a.Z
# pkgadd -d /tmp/erg711747a
5. References
http://www.calderasystems.com/support/security/index.html
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7.Acknowledgements
Caldera International wishes to thank Olaf Kirch
(okir@caldera.de) for reporting the problem.
___________________________________________________________________________
