SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Dlvr_audit Vendors:   Caldera/SCO
Caldera OpenServer 'dlvr_audit' Buffer Overflow Lets Local Users Gain Root Level Privileges on the System
SecurityTracker Alert ID:  1003794
SecurityTracker URL:  http://securitytracker.com/id/1003794
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 12 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Caldera reported a vulnerability in dlvr_audit for Caldera OpenServer. A local user may be able to gain elevated privileges on the system.

It is reported that the dlvr_audit command has an exploitable buffer overflow that can be used by a malicious user to become root. Caldera did not provide any details.

The affected file is:

/etc/auth/dlvr_audit

Impact:   A local user can trigger a buffer overflow to cause arbitrary code to be execute on the server, giving the local user root privileges on the system.
Solution:   The vendor has released a fix (OpenServer 5.0.6a), available at:

ftp:ftp.caldera.com/pub/openserver5/oss645a

The verification checksum is:

MD5 (oss645a) = ebfbb4d2931fb83e8ccc2390868bb11f

Upgrade the affected binaries with the following commands:

***************
IMPORTANT NOTE:

You MUST first install "SLS OSS640A: BIND Update" before attempting to install this SLS. SLS OSS640A installs files that are necessary for OSS645A (this SLS) to function properly.

***************

1. Download the OSS645A media image file (ftp.caldera.com/pub/openserver5/oss645a), place the file in the /tmp directory and rename the file by typing these commands:

mv /tmp/oss645a /tmp/VOL.000.000

2. Run the Software Manager with the command:

# scoadmin software

or double-click on the Software Manager icon in the desktop.

3. Pull down the "Software" menu and select "Install New".

4. When prompted for the host from which to install, choose the local machine and then "Continue".

5. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue".

6. When prompted for the "Image Directory", enter "/tmp" (or the directory where you placed the VOL file in step 1) and choose "OK".

7. When prompted to select software to install, make sure that the "OSS645A: Audit Subsystem Security Supplement" entry is highlighted. Choose "Install".

8. Installation of SLS OSS645A is now complete. To exit the Software Manager, select "Exit" from the "Host" menu.

Vendor URL:  www.calderasystems.com/support/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  OpenServer 5.0.5, 5.0.6

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow


--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: dlvr_audit: exploitable buffer overflow
Advisory number: 	CSSA-2002-SCO.8
Issue date: 		2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	The dlvr_audit command has an exploitable buffer overflow that
	can be used by a malicious user to become root.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		5.0.5, 5.0.6	/etc/auth/dlvr_audit

	This has already been fixed in OpenServer 5.0.6a.

3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp:ftp.caldera.com/pub/openserver5/oss645a


  4.2 Verification

	MD5 (oss645a) = ebfbb4d2931fb83e8ccc2390868bb11f

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	***************
	IMPORTANT NOTE:
	
	You MUST first install "SLS OSS640A: BIND Update" before
	attempting to install this SLS.  SLS OSS640A installs files
	that are necessary for OSS645A (this SLS) to function
	properly.

	***************

	1. Download the OSS645A media image file
	   (ftp.caldera.com/pub/openserver5/oss645a), place the file
	   in the /tmp directory and rename the file by typing these
	   commands:

	      mv /tmp/oss645a /tmp/VOL.000.000

	2. Run the Software Manager with the command:

	      # scoadmin software

	   or double-click on the Software Manager icon in the
	   desktop.

	3. Pull down the "Software" menu and select "Install New".

	4. When prompted for the host from which to install, choose
	   the local machine and then "Continue".

	5. In the "Select Media" menu, pull down the "Media Device"
	   menu.  Select "Media Images", then choose "Continue".

	6. When prompted for the "Image Directory", enter "/tmp" (or
	   the directory where you placed the VOL file in step 1) and
	   choose "OK".

	7. When prompted to select software to install, make sure that
	   the "OSS645A: Audit Subsystem Security Supplement" entry is
	   highlighted.  Choose "Install".

	8. Installation of SLS OSS645A is now complete.  To exit the
	   Software Manager, select "Exit" from the "Host" menu.


5. References

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	erg377672, SCO-247-295.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Tomasz
	Kusmeirz.
	 
___________________________________________________________________________

--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyNR+QACgkQaqoBO7ipriGa+QCbBp2mKI3WCn/roelvAcZOPwGw
980An2GvxcoY53LUMBENVrwMYXs881AD
=9urV
-----END PGP SIGNATURE-----

--W/nzBZO5zC0uMSeA--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC