12th Jan 2003 [SBWID-5928]
COMMAND
command line argument buffer overflow in ps
SYSTEMS AFFECTED
UnixWare 7.1.1 Open UNIX 8.0.0
PROBLEM
In SCO Security Advisory [CSSA-2003-SCO.1] :
http://www.sco.com/support/security/index.html
The ps command has a command line argument buffer overflow. Note that
ps is not a setuid or setgid program, but instead it is authorized to
use (and does use) the procprivl(SETPRV,pm_work(P_MACREAD) call.
Therefore, this vulnerability is exploitable, and could be used to run
code of the attacker's choice with these elevated privileges.
SOLUTION
The proper solution is to install the latest packages :
UnixWare 7.1.1
Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.1
Verification
MD5 (erg712109.pkg.Z) = 70777560bc1e0d55ceff89dfd8334c47
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712109.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712109.pkg.Z
# pkgadd -d /var/spool/pkg/erg712109.pkg
Open UNIX 8.0.0
Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.1
Verification
MD5 (erg712109.pkg.Z) = 70777560bc1e0d55ceff89dfd8334c47
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Download erg712109.pkg.Z to the /var/spool/pkg directory
# uncompress /var/spool/pkg/erg712109.pkg.Z
# pkgadd -d /var/spool/pkg/erg712109.pkg
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
