|
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls Advisory number: CSSA-2002-SCO.33 Issue date: 2002 July 15 Cross reference: ______________________________________________________________________________ 1. Problem Description The timed program does not enforce null-termination of strings in certain situations. It is possible that this could be used by a malicious user to perform a remote denial-of-service attack. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.5 /etc/timed OpenServer 5.0.6 /etc/timed 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.5 4.1 Location of Fixed Binaries ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33 4.2 Verification MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265 md5 is available for download from ftp://ftp.caldera.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: 1) Download the VOL* files to the /tmp directory Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. OpenServer 5.0.6 5.1 Location of Fixed Binaries ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.33 5.2 Verification MD5 (VOL.000.000) = 8f818406b55b806e10b05c3647517265 md5 is available for download from ftp://ftp.caldera.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: 1) Download the VOL* files to the /tmp directory Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 6. References Specific references for this advisory: http://xforce.iss.net/static/6228.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0388 Caldera security resources: http://www.caldera.com/support/security/index.html This security fix closes Caldera incidents sr855195, SCO-559-1321, erg711889. 7. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera products. 8. Acknowledgements This vulnerability was discovered and researched by David A. Holland <dholland@www.linux.org.uk>.