SecurityTracker.com
Category:   Application (Generic)  >   Lp Utilities
Vendors:   Caldera/SCO
Caldera Open Unix (SCO) lp Utilities May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1002426
SecurityTracker URL:  http://securitytracker.com/id/1002426
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 19 2001
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Caldera reported a security vulnerability in the following line printer utilities for UnixWare and Open Unix: accept, reject, enable, and disable. A buffer overflow may allow a local user to gain elevated privileges on the system.

On UnixWare 7, the following binaries are affected:

/usr/bin/enable
/usr/bin/disable
/usr/sbin/accept
/usr/sbin/reject

On Open Unix, the following binaries are affected:

/usr/bin/enable
/usr/bin/disable
/usr/sbin/accept
/usr/sbin/reject

This vulnerability is related to a recently reported vulnerability in Caldera SCO lpsystem.

Caldera credits KF (dotslash @ snosoft.com) with reporting this flaw.

Impact:   A local user can gain elevated privileges.
Solution:   Caldera has released fixed binaries, available at:

ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.16/

md5 checksums:

303d3ffd1acbcf91e50fd6b68ec1a5cf erg711788b.Z

Vendor URL:  www.calderasystems.com/support/security/
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.16] Open Unix, UnixWare 7: lp utility commands: buffer overflows


To: security-announce@lists.securityportal.com announce@lists.caldera.com bugtraq@securityfocus.com

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open Unix, UnixWare 7: lp utility commands: buffer overflows
Advisory number: 	CSSA-2001-SCO.16
Issue date: 		2001 September 18
Cross reference:
___________________________________________________________________________



1. Problem Description
	
	Very long arguments to the line printer utilities accept,
	reject, enable and disable caused a segmentation violation.
	This could be used by an unauthorized user to gain privilege.
		


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/bin/enable
						/usr/bin/disable
						/usr/sbin/accept
						/usr/sbin/reject

	Open Unix		All		/usr/bin/enable
						/usr/bin/disable
						/usr/sbin/accept
						/usr/sbin/reject


3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.16/


  4.2 Verification

	md5 checksums:
	
	303d3ffd1acbcf91e50fd6b68ec1a5cf	erg711788b.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711788b.Z
	# pkgadd -d /tmp/erg711788b


5. Open Unix

  5.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.16/


  5.2 Verification

	md5 checksums:
	
	ca3605f82792a855caafe72245425dc9	erg711788a.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711788a.Z
	# pkgadd -d /tmp/erg711788a

6. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr849818, sr847404, and sr847403.

7. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


8. Acknowledgements

	Caldera International wishes to thank KF <dotslash@snosoft.com>
	for discovering and reporting this problem.

	 
___________________________________________________________________________

