[22407] in bugtraq
Security Update: [CSSA-2001-SCO.12] OpenServer: mana buffer overflow
daemon@ATHENA.MIT.EDU (sco-security@caldera.com)
Fri Aug 24 15:25:51 2001
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com,
an=@caldera.com
From: sco-security@caldera.com
Date: Fri, 24 Aug 2001 11:55:37 -0700
Message-ID: <20010824115537.F27024@caldera.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="NKoe5XOeduwbEQHU"
Content-Disposition: inline
--NKoe5XOeduwbEQHU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com security-announce@lists.securityportal.com an=
nounce@lists.caldera.com
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer: mana buffer overflow
Advisory number: CSSA-2001-SCO.12
Issue date: 2001 August 17
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
/usr/internet/admin/mana/mana was subject to a buffer overflow
that could be used by a malicious user to gain root access.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <=3D 5.0.6a /usr/internet/admin/mana/mana
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openserver/sr847464/
4.2 Verification
md5 checksums:
c7c06ccffc481b78e249dd6474996222 mana.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/mana.Z
# mv /usr/internet/admin/mana/mana /usr/internet/admin/mana/mana.old
# cp /tmp/mana /usr/internet/admin/mana
# chown root /usr/internet/admin/mana/mana
# chgrp sys /usr/internet/admin/mana/mana
# chmod 6755 /usr/internet/admin/mana/mana
=09
5. References
http://www.calderasystems.com/support/security/index.html
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
___________________________________________________________________________
--NKoe5XOeduwbEQHU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjuGoykACgkQaqoBO7ipriGtkwCgof5EzMmnHcBOlcpz1nI1qRwo
CCMAoIydzFD9cyM4WTmXand2LWPNpSWi
=Ry3A
-----END PGP SIGNATURE-----
--NKoe5XOeduwbEQHU--
