System Security Enhancement (SSE) SSE072B - 11-Apr-2001 NOTE: This patch supercedes SSE072. However, there is no need to install SSE072B on any system with SSE072 already successfully applied. Problem: Buffer overflows have been found in the following SCO OpenServer 5 utilities: /usr/bin/accept /usr/bin/cancel /usr/mmdf/bin/deliver /usr/bin/disable /usr/bin/enable /usr/lib/libcurses.a /usr/bin/lp /usr/lib/lpadmin /usr/lib/lpfilter /usr/lib/lpforms /usr/lib/lpmove /usr/lib/lpshut /usr/bin/lpstat /usr/lib/lpusers /usr/bin/recon /usr/bin/reject /usr/bin/rmail /usr/lib/sendmail /usr/bin/tput NOTE: the accept, reject, enable, and disable commands are symbolically linked to the same binary. Running any of the above utilities with a very large argument can result in a core dump. For example: /usr/bin/recon -T `perl -e 'print "A" x 3000'` Patch: This patch is applicable to all releases of OpenServer 5. However, for releases 5.0.0, 5.0.2, 5.0.4, and 5.0.5, please note the additional installation instruction 3b below. This patch contains replacements for all binaries listed above. This patch supercedes SSE072. There is no need to apply SSE072B on OpenServer Release 5.0.6 if SSE072 is already applied. Installation: 1. We reccommend you drop into single user mode to install this SSE (though this is not enforced). 2. Uncompress and extract the SSE into a temporary directory of the server (eg. /tmp/sse072b). # uncompress sse072b.tar.Z OR # bunzip2 sse072b.tar.bz2 # tar xvf sse072b.tar 3. Execute the install script. Follow the instructions at the prompt. # ./install-sse072b.sh Note: "Warning" messages simply explain that because a specific file was not found on the current server, it was not replaced. If a system has custom binaries or paths, this patch may not succeed. 3b.For releases 5.0.0, 5.0.2, 5.0.4, and 5.0.5 (NOT 5.0.6), manually install ./usr/lib/libsocket.so.2 and ./usr/lib/libresolv.so.1 by copying these files to /usr/lib: # cp usr/lib/libsocket.so.2 /usr/lib # cp usr/lib/libresolv.so.1 /usr/lib 4. Clean up. A backup of the orginal binaries will be saved in: /opt/K/SCO/sse/sse072b The following files will be left over after patch installation and can be removed: ./install-sse072b.sh ./sse072b.files.tar The following files will be left over after patch installation and can be moved to an archival directory in case the patches are needed again: ./sse072b.tar ./sse072b.doc Checksums of the packages: `sum -lr ./sse072b.tar`: 3532308775 3788 MD5(./sse072b.tar): 4ee79e11f2db094f2f51a8597d0095b2 `sum -lr ./sse072b.files.tar`: 1147213061 3768 MD5:(./sse072b.files.tar): 1b7c64ee49ec076a8244fb2b123582b2 References: Most of the vulnerabilities addressed in this patch were found by: Kevin Finisterre For more details, see the following BUGTRAQ archives: http://www.securityfocus.com/archive/1/171949 http://www.securityfocus.com/archive/1/171947 http://www.securityfocus.com/archive/1/171942 http://www.securityfocus.com/archive/1/171939 http://www.securityfocus.com/archive/1/171935 http://www.securityfocus.com/archive/1/171934 http://www.securityfocus.com/archive/1/171933 Disclaimer: SCO believes that this patch addresses the reported vulnerabilities. However, in order that it be released as soon as possible, this patch has not been fully tested or packaged to SCO's normal exacting standards. For that reason, this patch is not officially supported. Official supported and packaged fixes for current SCO products will be available in due course.