SecurityTracker.com
Category:   OS (UNIX)  >   uidadmin
Vendors:   Caldera/SCO
Caldera (SCO) UnixWare/Open UNIX uidadmin Utility May Let Local Users Obtain Root Level Access via a Buffer Overflow
SecurityTracker Alert ID:  1002278
SecurityTracker URL:  http://securitytracker.com/id/1002278
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 27 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): UnixWare 7, Open Unix 8.0.0
Description:   Caldera (SCO) reported a vulnerability in the uidadmin utility for Open Linux (UnixWare). The security hole may allow local users to execute arbitrary code on the system with root level privileges.

It is reported that a long argument supplied to the uidadmin utility with the "-S" (scheme) command line switch will cause uidadmin to crash due to a buffer overflow. A local user may be able to obtain root privileges.

Impact:   A local user may be able to obtain root privileges.
Solution:   The vendor has released a fix, available at:

ftp://ftp.sco.com/pub/security/openunix/sr847563/

md5 checksums:
6778640ca80a88ed3af993adbe839bfb  erg711722a.Z

Vendor URL:  www.calderasystems.com/support/security/index.html
Cause:   Boundary error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow





To: bugtraq@securityfocus.com announce@lists.caldera.com security-announce@lists.securityportal.com

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open Unix, UnixWare: uidadmin buffer overflow
Advisory number: 	CSSA-2001-SCO.14
Issue date: 		2001 August 23
Cross reference:
___________________________________________________________________________



1. Problem Description

	A very long argument to the uidadmin "-S" (scheme) argument
	causes uidadmin to core dump. This might be exploited by an
	unauthorized user to gain privilege.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/bin/uidadmin
	Open Unix		8.0.0		/usr/bin/uidadmin


3. Workaround

	None.


4. UnixWare 7, Open Unix

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/openunix/sr847563/


  4.2 Verification

	md5 checksums:

	6778640ca80a88ed3af993adbe839bfb	erg711722a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711722a.Z
	# pkgadd -d /tmp/erg711722a


5. References

	http://www.calderasystems.com/support/security/index.html


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.

___________________________________________________________________________
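
The verification and installation steps from sections 4.2 and 4.3 of the advisory, combined so that the package is installed only when its MD5 matches the published value. This is an added example, not part of the Caldera advisory or the SecurityTracker entry; the function names, the DRY_RUN switch and the use of md5sum or openssl as the hashing tool are assumptions.

```shell
#!/bin/sh
# Added example: check the advisory's MD5 before installing the fix.
# Checksum and file name are the ones published in CSSA-2001-SCO.14.
EXPECTED_MD5="6778640ca80a88ed3af993adbe839bfb"
PKG="${PKG:-/tmp/erg711722a.Z}"

# Print the lowercase hex MD5 of a file with whichever tool is present.
# Assumption: md5sum or openssl is installed on the host doing the check.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 -r < "$1" | awk '{print $1}'
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# Return 0 only if the file is readable and its MD5 equals the expected
# value (compared case-insensitively). 1 = mismatch, 2 = cannot check.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(file_md5 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# Run the advisory's two install commands only after verification.
# DRY_RUN=1 prints the commands instead of executing them.
install_fix() {
    verify_md5 "$1" "$EXPECTED_MD5" || return 1
    run=${DRY_RUN:+echo}
    $run uncompress "$1" && $run pkgadd -d "${1%.Z}"
}

# Nothing is installed unless the script is invoked with --install.
if [ "${1:-}" = "--install" ]; then
    install_fix "$PKG"
fi
```

Run with DRY_RUN=1 to print the uncompress and pkgadd commands without executing them. A matching MD5 shows the download equals the file the advisory describes; it is only as trustworthy as the copy of the advisory the checksum was read from.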
