|
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: dlvr_audit: exploitable buffer overflow Advisory number: CSSA-2002-SCO.8 Issue date: 2002 March 11 Cross reference: ___________________________________________________________________________ 1. Problem Description The dlvr_audit command has an exploitable buffer overflow that can be used by a malicious user to become root. 2. Vulnerable Supported Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer 5.0.5, 5.0.6 /etc/auth/dlvr_audit This has already been fixed in OpenServer 5.0.6a. 3. Workaround None. 4. OpenServer 4.1 Location of Fixed Binaries ftp:ftp.caldera.com/pub/openserver5/oss645a 4.2 Verification MD5 (oss645a) = ebfbb4d2931fb83e8ccc2390868bb11f md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: *************** IMPORTANT NOTE: You MUST first install "SLS OSS640A: BIND Update" before attempting to install this SLS. SLS OSS640A installs files that are necessary for OSS645A (this SLS) to function properly. *************** 1. Download the OSS645A media image file (ftp.caldera.com/pub/openserver5/oss645a), place the file in the /tmp directory and rename the file by typing these commands: mv /tmp/oss645a /tmp/VOL.000.000 2. Run the Software Manager with the command: # scoadmin software or double-click on the Software Manager icon in the desktop. 3. Pull down the "Software" menu and select "Install New". 4. When prompted for the host from which to install, choose the local machine and then "Continue". 5. In the "Select Media" menu, pull down the "Media Device" menu. Select "Media Images", then choose "Continue". 6. When prompted for the "Image Directory", enter "/tmp" (or the directory where you placed the VOL file in step 1) and choose "OK". 7. When prompted to select software to install, make sure that the "OSS645A: Audit Subsystem Security Supplement" entry is highlighted. Choose "Install". 8. Installation of SLS OSS645A is now complete. To exit the Software Manager, select "Exit" from the "Host" menu. 5. References ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/ This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents erg377672, SCO-247-295. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements This vulnerability was discovered and researched by Tomasz Kusmeirz.