OpenServer 5.0.5 : sar -o buffer overflow - Caldera Advisory CSSA-2002-SCO.17

		Caldera International, Inc.  Security Advisory

Subject:		OpenServer 5.0.5 : sar -o buffer overflow
Advisory number: 	CSSA-2002-SCO.17
Issue date: 		2002 May 01

1. Problem Description

	If the /usr/bin/sar command is given an exceedingly long
	argument to the -o option, it will memory fault. This could
	allow a malicious user to elevate their permissions.

2. Vulnerable Supported Versions

	System				Binary
	OpenServer 5.0.5		/usr/bin/sar

3. Solution

	The proper solution is to install the latest packages.

4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries


	4.2 Verification

	MD5 (VOL.000.000) = f912fe801263863956c257c4ef395570

	md5 is available for download from

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.
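
	The check in section 4.2 can be scripted so that custom is only run on
	images whose digest matches. The following is an added example, not part
	of Caldera's advisory; the script name and the checksum file
	/tmp/advisory.md5 (the advisory's "MD5 (...) = ..." line saved to a file)
	are assumptions.

```sh
#!/bin/sh
# Added example: verify downloaded VOL* images against "MD5 (NAME) = HEX" lines.
# Usage (assumed names): sh verify_vol.sh /tmp /tmp/advisory.md5

# Print the hex MD5 of one file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{print $NF}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# verify_images DIR SUMS: returns 0 only if every listed image matches.
verify_images() {
    dir=$1; sums=$2; bad=0
    # Reduce each "MD5 (NAME) = HEX" line to "NAME HEX"; ignore everything else.
    list=$(sed -n 's/^[[:space:]]*MD5 (\([^)]*\)) = \([0-9A-Fa-f]\{32\}\)[[:space:]]*$/\1 \2/p' "$sums")
    if [ -z "$list" ]; then
        echo "no MD5 lines found in $sums" >&2
        return 1
    fi
    while read -r name want; do
        case $name in
            # A listed name must stay inside DIR.
            */*) echo "REJECTED $name (path separator in name)" >&2; bad=1; continue ;;
        esac
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(md5_of "$dir/$name" 2>/dev/null | tr 'A-F' 'a-f')
        if [ -n "$got" ] && [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            # Covers wrong digest, missing file, and no MD5 tool available.
            echo "MISMATCH $name (expected $want, got ${got:-nothing})" >&2
            bad=1
        fi
    done <<EOF
$list
EOF
    return $bad
}

# Run only when called with both arguments; proceed to custom only on exit 0.
if [ "$#" -eq 2 ]; then
    verify_images "$1" "$2"
    exit $?
fi
```

	A matching MD5 shows the download was not corrupted or truncated; MD5 is
	not collision-resistant, so the checksum line itself must come from a
	trusted copy of the advisory.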

5. References

	Specific references for this advisory:

	Caldera UNIX security resources:

	Caldera OpenLinux security resources:

	This security fix closes Caldera incidents sr862424, fz520480,

6. Disclaimer

	Caldera International, Inc. is not responsible for the
	misuse of any of the information we provide on this website
	and/or through our security advisories. Our advisories are
	a service to our customers intended to promote secure
	installation and use of Caldera products.

7. Acknowledgements

	Caldera would like to thank KF <dotslash@snosoft.com> for
	discovering this problem, researching it, and alerting us.
	And being patient, too.

