From security@caldera.com Mon Nov 12 22:33:50 2001 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca Date: Mon, 12 Nov 2001 17:17:30 -0800 Subject: Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Open UNIX, UnixWare 7: buffer overflow in ppp utilities Advisory number: CSSA-2001-SCO.32 Issue date: 2001 November 12 Cross reference: ___________________________________________________________________________ 1. Problem Description There is a buffer overflow in several of the ppp utilities that are linked to /usr/bin/pppattach. This could be used by an unauthorized user to gain privilege. 2. Vulnerable Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 7.1.0, 7.1.1 /usr/bin/pppattach Open UNIX 8.0.0 /usr/bin/pppattach 3. Workaround If you do not use ppp, remove the execute and/or setuid permissions from /usr/bin/pppattach. 4. UnixWare 7, Open UNIX 8 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/ 4.2 Verification md5 checksums: 24cf948a3691be14398dcd63d2f8eafb erg711869b.Z md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: # uncompress /tmp/erg711869b.Z # pkgadd -d /tmp/erg711869b 5. References This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr854234, fz519119 and erg711869. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. ___________________________________________________________________________ [Part 2, Application/PGP-SIGNATURE 245bytes] [Unable to print this part]