=========================================================================== SCO Security Bulletin 98:02 March 16, 1998 Security Vulnerability in ftp Daemon --------------------------------------------------------------------------- I. Description A potential vulnerability has been discovered by inspection of the source code of ftpd, the ftp server. This is the same vulnerability as reported in CERT advisory CA-97.16. II. Impact We have not heard of any incidents where this vulnerability has been exploited, although it could be used to give an attacker root access in certain circumstances. III. Releases This problem exists on the following releases of SCO operating systems: - SCO Open Desktop/Open Server 3.0 (all) - SCO CMW+ 3.0 (all) - SCO OpenServer 5.0.0, 5.0.2 and 5.0.4 - SCO UnixWare 2.1 (all) The following releases are not vulnerable, and no patch is necessary: - SCO UnixWare 7 IV. Solution SCO is providing interim patches to address this issue in the form of a System Security Enhancement (SSE) package. The SSE package includes patches for all operating systems listed above as vulnerable. For OpenServer 5.0.0 and OpenServer 5.0.2, SLS OSS449F includes a fixed version of ftpd. OSS449F should be installed rather than SSE011. OSS449F is available from ftp://ftp.sco.com/SLS/oss449f/ and Compuserve SCOFORUM Library 11. For OpenServer 5.0.4, Release Supplement RS504C includes a fixed version of ftpd. RS504C should be installed rather than SSE011. RS504C is available from ftp://ftp.sco.com/Supplements/rs504c/ and Compuserve SCOFORUM Library 14. SSE011 should be installed on Open Desktop/OpenServer 3.0, CMW+ 3.0 and UnixWare 2.1. SSE011 is available for Internet download via anonymous ftp, and from the SCOFORUM on Compuserve. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/sse011.ltr (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/sse011.tar.Z (new binaries, compressed tar file) Compuserve: GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames: SSE011.LTR (cover letter, ASCII text) SSE011.TAZ (new binaries, compressed tar file) Checksums (sum -r): 22503 5 sse011.ltr 19774 377 sse011.tar.Z V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB.98:02a, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)