[22440] in bugtraq
Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow
daemon@ATHENA.MIT.EDU (sco-security@caldera.com)
Mon Aug 27 18:52:34 2001
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com,
an=@caldera.com
From: sco-security@caldera.com
Date: Mon, 27 Aug 2001 14:21:59 -0700
Message-ID: <20010827142159.G4999@caldera.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline
--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com security-announce@lists.securityportal.com an=
nounce@lists.caldera.com
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open Unix, UnixWare: uidadmin buffer overflow
Advisory number: CSSA-2001-SCO.14
Issue date: 2001 August 23
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
A very long argument to the uidadmin "-S" (scheme) argument
causes uidadmin to core dump. This might be exploited by an
unauthorized user to gain privilege.
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/bin/uidadmin
Open Unix 8.0.0 /usr/bin/uidadmin
3. Workaround
None.
4. UnixWare 7, Open Unix
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openunix/sr847563/
4.2 Verification
md5 checksums:
=09
6778640ca80a88ed3af993adbe839bfb erg711722a.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711722a.Z
# pkgadd -d /tmp/erg711722a
5. References
http://www.calderasystems.com/support/security/index.html
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
___________________________________________________________________________
--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjuKufcACgkQaqoBO7ipriFMEQCcDkZwZAnZAAjqA0VYHoDJFcFd
BEIAoIAHLaoP+dGm123e2TvqhLpDWh2h
=/NbX
-----END PGP SIGNATURE-----
--X1bOJ3K7DJ5YkBrT--
