SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Internet Manager (mana) Vendors:   Caldera/SCO
Caldera/SCO OpenServer Buffer Overflow in Mana Lets Local Users Take Root Level Control of the System
SecurityTracker Alert ID:  1002251
SecurityTracker URL:  http://securitytracker.com/id/1002251
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 25 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenServer <= 5.0.6a
Description:   Caldera reported a ulnerability in their Internet Manager (mana) program for OpenServer (SCO Unix) that lets local users gain root level privileges.

It is reported that /usr/internet/admin/mana/mana contains a buffer overflow that allows a remote user to cause arbitrary code to be executed with root level privileges.

Impact:   A local user can execute arbitrary code with root level privileges, obtaining root level access on the host.
Solution:   The vendor has released a fix. Fixed binaries are reportedly available at:

ftp://ftp.sco.com/pub/security/openserver/sr847464/

md5 checksums:

c7c06ccffc481b78e249dd6474996222 mana.Z

The binaries can be upgraded with the following commands:

# uncompress /tmp/mana.Z
# mv /usr/internet/admin/mana/mana /usr/internet/admin/mana/mana.old
# cp /tmp/mana /usr/internet/admin/mana
# chown root /usr/internet/admin/mana/mana
# chgrp sys /usr/internet/admin/mana/mana
# chmod 6755 /usr/internet/admin/mana/mana

Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.12] OpenServer: mana buffer overflow


--NKoe5XOeduwbEQHU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: mana buffer overflow
Advisory number: 	CSSA-2001-SCO.12
Issue date: 		2001 August 17
Cross reference:
___________________________________________________________________________



1. Problem Description
	
	/usr/internet/admin/mana/mana was subject to a buffer overflow
	that could be used by a malicious user to gain root access.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/usr/internet/admin/mana/mana


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/openserver/sr847464/


  4.2 Verification

	md5 checksums:

	c7c06ccffc481b78e249dd6474996222	mana.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/mana.Z
	# mv /usr/internet/admin/mana/mana /usr/internet/admin/mana/mana.old
	# cp /tmp/mana /usr/internet/admin/mana
	# chown root /usr/internet/admin/mana/mana
	# chgrp sys /usr/internet/admin/mana/mana
	# chmod 6755 /usr/internet/admin/mana/mana
	

5. References

	http://www.calderasystems.com/support/security/index.html


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.

___________________________________________________________________________

--NKoe5XOeduwbEQHU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjuGoykACgkQaqoBO7ipriGtkwCgof5EzMmnHcBOlcpz1nI1qRwo
CCMAoIydzFD9cyM4WTmXand2LWPNpSWi
=Ry3A
-----END PGP SIGNATURE-----

--NKoe5XOeduwbEQHU--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC