Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow

From: sco-security@caldera.com
Date: 08/27/01

• Previous message: Marc Fossi: "Re: WIN2000 and IIS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com, an=@caldera.com
From: sco-security@caldera.com
Date: Mon, 27 Aug 2001 14:21:59 -0700
Subject: Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow
Message-ID: <20010827142159.G4999@caldera.com>

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject: Open Unix, UnixWare: uidadmin buffer overflow
Advisory number: CSSA-2001-SCO.14
Issue date: 2001 August 23
Cross reference:
___________________________________________________________________________

1. Problem Description
        
        A very long argument to the uidadmin "-S" (scheme) argument
        causes uidadmin to core dump. This might be exploited by an
        unauthorized user to gain privilege.

2. Vulnerable Versions

        Operating System Version Affected Files
        ------------------------------------------------------------------
        UnixWare 7 All /usr/bin/uidadmin
        Open Unix 8.0.0 /usr/bin/uidadmin

3. Workaround

        None.

4. UnixWare 7, Open Unix

  4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/security/openunix/sr847563/

  4.2 Verification

        md5 checksums:
        
        6778640ca80a88ed3af993adbe839bfb erg711722a.Z

        md5 is available for download from

                ftp://ftp.sco.com/pub/security/tools/

  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        # uncompress /tmp/erg711722a.Z
        # pkgadd -d /tmp/erg711722a

5. References

        http://www.calderasystems.com/support/security/index.html

6. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.

___________________________________________________________________________

---

• application/pgp-signature attachment: stored

---

• Previous message: Marc Fossi: "Re: WIN2000 and IIS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Security Update: [CSSA-2001-SCO.30] Open UNIX, UnixWare 7: DCE SPC library buffer overflow ... Subject: Security Update: Open UNIX, UnixWare 7: DCE SPC library buffer overflow ... Cross reference: ... Workaround ... (Bugtraq) Security Update: [CSSA-2001-SCO.36] Open UNIX, UnixWare 7: wu-ftpd ftpglob() vulnerability ... Subject: Security Update: Open UNIX, UnixWare 7: wu-ftpd ftpglobvulnerability ... Cross reference: ... (Bugtraq) Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities ... Subject: Security Update: Open UNIX, UnixWare 7: buffer overflow in ppp utilities ... Cross reference: ... Workaround ... (Bugtraq) Security Update: [CSSA-2001-SCO.7] OpenUnix, UnixWare: su buffer overflow ... Subject: Security Update: OpenUnix, UnixWare: su buffer overflow ... Cross reference: ... Location of Fixed Binaries ... (Bugtraq) Security Update: [CSSA-2001-SCO.21] Open Unix, UnixWare 7: dtaction argument buffer overflow ... Subject: Security Update: Open Unix, UnixWare 7: dtaction argument buffer overflow ... Cross reference: ... Workaround ... Location of Fixed Binaries ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-08