-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.11: Vulnerability in ld.so

Caldera Security Advisory SA-1997.11

Original report date:  16-Jul-1997
RPM build date:        17-Jul-1997
Original issue date:   23-Jul-1997

Topic: Vulnerability in ld.so

I. Problem Description

	A buffer overflow problem has been reported affecting the ELF
	and a.out program loaders on Linux.

	On Linux, programs linked against shared libraries execute
	some code contained in /lib/ld.so (for a.out binaries) or
	/lib/ld-linux.so (for ELF binaries), which loads the shared
	libraries and binds all symbols.  If an error occurs during this
	stage, an error message is printed and the program terminates. The
	printf replacement used at this stage is not protected from
	buffer overruns.

	Detailed information about the vulnerability as well as methods of
	its exploit have been made publicly available.

II. Impact

	This problem can possibly be exploited by malicious users to
	obtain root access.

III. Solution

	Install the new ld.so 1.7.14-5 package, as described below.
	These packages are located on Caldera's FTP server (ftp.caldera.com):

	ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/

	The MD5 checksum (from the "md5sum" command) for these package are:
	2fed2dd482fe44e020a4bd40fdd2059e  RPMS/ld.so-1.7.14-5.i386.rpm
	572974e8f777b6da7d67aed15db9c115  SRPMS/ld.so-1.7.14-5.src.rpm

	ld.so-1.7.14-5:       Security upgrade as announced on 18 July 1997 
			      This update is for ELF packages. An a.out update
			      does not exist.

	To install the update use the following command:
		rpm -U RPMS/ld.so-1.7.14-5.i386.rpm


IV. References / Credits

	This and other Caldera security resources are located at:

		http://www.caldera.com/tech-ref/security/

	Problem originally reported by Dave G. <dhg@dec.net> on the BugTraq
	email list with Message-ID:

		<Pine.LNX.3.95.970716103135.5244A-100000@yoshiwara.dec.net>

	This advisory closes Caldera's internal bug report #850.

	$Id: SA-1997.11,v 1.1 1997/07/23 22:29:47 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBM9aGB+n+9R4958LpAQH9DAP6A5J6RCBC2FIX1KSu1eSjzKAvoWE16MLL
PUdA9NZxSH640sULQITmwuIQKV5gq4ZT+m6PEVN3YaE2pSuDiBZDd2uzLteC0OpZ
ziqtdAOwOe+MKVKcSWUOccJWH67gcwrOAkA1RTLsUy08Y4NStT2KOkbkEziigyzp
0oKKo3g9r+o=
=eXHu
-----END PGP SIGNATURE-----