TUCoPS :: SCO :: sco5928.htm

command line argument buffer overflow in ps
12th Jan 2003 [SBWID-5928]
COMMAND

	command line argument buffer overflow in ps

SYSTEMS AFFECTED

	UnixWare 7.1.1 Open UNIX 8.0.0

PROBLEM

	In SCO Security Advisory [CSSA-2003-SCO.1] :
	
	 http://www.sco.com/support/security/index.html
	
	The ps command has a command line argument buffer  overflow.  Note  that
	ps is not a setuid or setgid program, but instead it  is  authorized  to
	use  (and  does  use)  the   procprivl(SETPRV,pm_work(P_MACREAD)   call.
	Therefore, this vulnerability is exploitable, and could be used  to  run
	code of the attacker's choice with these elevated privileges.

SOLUTION

	The proper solution is to install the latest packages :
	
	
	UnixWare 7.1.1
	
		Location of Fixed Binaries
	
		ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.1
	
	
		Verification
	
		MD5 (erg712109.pkg.Z) = 70777560bc1e0d55ceff89dfd8334c47
	
		md5 is available for download from
			ftp://ftp.sco.com/pub/security/tools
	
	
		Installing Fixed Binaries
	
		Upgrade the affected binaries with the following sequence:
	
		Download erg712109.pkg.Z to the /var/spool/pkg directory
	
		# uncompress /var/spool/pkg/erg712109.pkg.Z
		# pkgadd -d /var/spool/pkg/erg712109.pkg
	
	
	Open UNIX 8.0.0
	
		Location of Fixed Binaries
	
		ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.1
	
	
		Verification
	
		MD5 (erg712109.pkg.Z) = 70777560bc1e0d55ceff89dfd8334c47
	
		md5 is available for download from
			ftp://ftp.sco.com/pub/security/tools
	
	
		Installing Fixed Binaries
	
		Upgrade the affected binaries with the following sequence:
	
		Download erg712109.pkg.Z to the /var/spool/pkg directory
	
		# uncompress /var/spool/pkg/erg712109.pkg.Z
		# pkgadd -d /var/spool/pkg/erg712109.pkg
	

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH