6658435 2001-06-22 10:41 -0700 /144 rader/ Andrew Sharpe <asharpe@sco.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-06-23 03:36 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <17579>
Ärende: Caldera Systems security advisory: libcurses, atcronsh, rtpm
------------------------------------------------------------
___________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: curses library, rtpm, atcronsh
Advisory number: CSSA-2001-SCO.1
Issue date: 2001 June, 22
Cross reference:
_____________________________________________________________________________
1. Problem Description
A buffer overrun vulnerability has been found in the curses
library. A malicious user could attack a set{uid,gid} command
that uses this library to gain privileges.
One such command that is shipped with OpenServer is
/usr/lib/sysadm/atcronsh.
One such command that is shipped with UnixWare 7 is
/usr/sbin/rtpm.
In addition, the curses library is shipped only as a static
library, so an application would need to be re-linked with
this new library to take advantage of the fix.
2. Vulnerable Versions
Operating System Version Affected Files
----------------------------------------------------------------
UnixWare 7 All /usr/sbin/rtpm
/usr/ccs/lib/libcurses.a
OpenServer <= 5.0.6a /usr/lib/sysadm/atcronsh
/usr/lib/libcurses.a
3. Workaround
For rtpm:
# chmod g-s /usr/sbin/rtpm
For atcronsh:
# chmod g-s /usr/lib/sysadm/atcronsh
Otherwise, none.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/unixware/sr848806/
4.2 Verification
md5 checksums:
ae2bc5b813dad2c729fb3593b59fd62a libcurses.a.Z
990d9216ed368f2939596104c60bd27b rtpm.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Backup the existing /usr/ccs/lib/libcurses.a, and replace it
with the provided libcurses.a binary. Ensure that the new
libcurses.a has bin/bin/0444 permissions.
Backup the existing /usr/sbin/rtpm and replace it with the
provided rtpm binary. Ensure that the new rtpm has
bin/sys/02555 permissions.
5. OpenServer
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openserver/sr848771/
libcurses.a is not yet available; expect it within a week of
this advisory.
4.2 Verification
md5 checksums:
bf1ce0570284a1e12256ebac0174f6d4 atcronsh.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Backup the existing /usr/lib/sysadm/atcronsh and replace it
with the provided atcronsh binary. Ensure that the new
atcronsh has bin/cron/02111 permissions.
Backup the existing /usr/lib/libcurses.a, and replace it
with the provided libcurses.a binary. Ensure that the new
libcurses.a has bin/bin/0644 permissions.
6. References
Caldera security resources are located at the following url:
http://www.calderasystems.com/support/security/index.html
7. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera OpenLinux.
8. Acknowledgements
Caldera wishes to thank Aycan Irican
<aycan@mars.prosoft.com.tr> for spotting the UnixWare problem.
Caldera wishes to thank KF <dotslash@snosoft.com> for spotting
the OpenServer problem.
_____________________________________________________________________________
(6658435) /Andrew Sharpe <asharpe@sco.COM>/(Ombruten)
Bilaga (application/pgp-signature) i text 6658436
6658436 2001-06-22 10:41 -0700 /10 rader/ Andrew Sharpe <asharpe@sco.COM>
Importerad: 2001-06-23 03:36 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <17580>
Bilaga (text/plain) till text 6658435
Ärende: Bilaga till: Caldera Systems security advisory: libcurses, atcronsh, rtpm
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjszg0EACgkQom1bqoqwkdT+LQCfRJxpJ2La6Gwa/rQALigBCFFi
vkkAmgMENBIoxo/ri6qf4YkvNqvpYv9m
=MwMA
-----END PGP SIGNATURE-----
(6658436) /Andrew Sharpe <asharpe@sco.COM>/---------