[23085] in bugtraq
Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow
daemon@ATHENA.MIT.EDU (security-alert@caldera.com)
Thu Nov 8 23:55:27 2001
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com,
announce@lists.caldera.com, scoannmod@xenitec.on.ca
From: security-alert@caldera.com
Date: Tue, 6 Nov 2001 13:29:29 -0800
Message-ID: <20011106132929.A11855@caldera.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3"
Content-Disposition: inline
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com security-announce@lists.securityportal.com an=
nounce@lists.caldera.com scoannmod@xenitec.on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: DCE SPC library buffer overflow
Advisory number: CSSA-2001-SCO.30
Issue date: 2001 November 6
Cross reference:
___________________________________________________________________________
1. Problem Description
=09
The DCE SPC library is vulnerable to a network buffer overflow
attack. This bug manifests itself in dtspcd.
=09
2. Vulnerable Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/dt/lib/libDtSvc.so.1
Open UNIX 8.0.0 /usr/dt/lib/libDtSvc.so.1
3. Workaround
None.
4. UnixWare 7, Open UNIX 8
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
4.2 Verification
md5 checksums:
=09
8d5c98f761dd68aa108794d8ed5c70f1 erg711881.Z
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
# uncompress /tmp/erg711881.Z
# pkgadd -d /tmp/erg711881
5. References
CERT / ISS draft advisory VU#172583
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr854831, fz519245, and erg711881=20
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers, intended to promote the secure installation
and use of Caldera International products.
7. Acknowledgements
This vulnerability was discovered and researched by Chris
Spencer of the ISS X-Force.
=20
___________________________________________________________________________
--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjvoVjkACgkQaqoBO7ipriHGfQCfUrWPMxGOx4d/vmlnJcph8U7j
xIcAn1sZxuJjF8bKpabBsaNVMFHgCua9
=LzIm
-----END PGP SIGNATURE-----
--BOKacYhQ+x31HxR3--
