From security@caldera.com Wed Oct 30 05:38:01 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com Date: Mon, 28 Oct 2002 16:51:37 -0800 Reply-To: please_reply_to_security@caldera.com Subject: Security Update: [CSSA-2002-041.0] Linux: pam_ldap format string vulnerability To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com ______________________________________________________________________________ SCO Security Advisory Subject: Linux: pam_ldap format string vulnerability Advisory number: CSSA-2002-041.0 Issue date: 2002 October 28 Cross reference: ______________________________________________________________________________ 1. Problem Description The pam_ldap module provides authentication for user access to a system by consulting a directory using LDAP. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to pam_ldap-144-1.i386.rpm OpenLinux 3.1.1 Workstation prior to pam_ldap-144-1.i386.rpm OpenLinux 3.1 Server prior to pam_ldap-144-1.i386.rpm OpenLinux 3.1 Workstation prior to pam_ldap-144-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-041.0/RPMS 4.2 Packages 8e772565f5fd9933c938cbc7a4a9f229 pam_ldap-144-1.i386.rpm 4.3 Installation rpm -Fvh pam_ldap-144-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-041.0/SRPMS 4.5 Source Packages 46faba5e7af087eccd984e8a68e6068a pam_ldap-144-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-041.0/RPMS 5.2 Packages 732acb91b620f591e5036dc5117362c6 pam_ldap-144-1.i386.rpm 5.3 Installation rpm -Fvh pam_ldap-144-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-041.0/SRPMS 5.5 Source Packages ac6da0b1c041f42bc5afdfbb13d50750 pam_ldap-144-1.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-041.0/RPMS 6.2 Packages 37d60b62162ddf3f044d0c5533d83e05 pam_ldap-144-1.i386.rpm 6.3 Installation rpm -Fvh pam_ldap-144-1.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-041.0/SRPMS 6.5 Source Packages 2a2b18ef2cf09c944dee12cb2169ca20 pam_ldap-144-1.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-041.0/RPMS 7.2 Packages ea457e8e6c356e688ec547d59652b812 pam_ldap-144-1.i386.rpm 7.3 Installation rpm -Fvh pam_ldap-144-1.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-041.0/SRPMS 7.5 Source Packages a39531e06057bbaaed603cb4150ca6a3 pam_ldap-144-1.src.rpm 8. References Specific references for this advisory: http://www.padl.com/OSS/pam_ldap.html http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr865994, fz521320, erg501620. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements The pam_ldap team at padl.com discovered and researched this vulnerability. ______________________________________________________________________________ [ Part 2, Application/PGP-SIGNATURE 245bytes. ] [ Unable to print this part. ]