TUCoPS :: Unix :: General :: unix4911.htm

lpstat buffer overflow
10th Dec 2001 [SBWID-4911]
COMMAND

	lpstat buffer overflow

SYSTEMS AFFECTED

	OpenServer 5.0.6a and previous

PROBLEM

	As published in Caldera Security Advisory  CSSA-2001-SCO.38,  a  locally
	exploitable buffer overflow exists in lpstat command, even with sse072.

SOLUTION

	 Workaround

	 ==========

	

	If the lpstat command is not required, remove the setgid  bit  from  the
	binary:
	

	chmod g-s /usr/bin/lpstat

	

	

	 Fixed Binaries

	 ==============

	

		ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.38/

	

	

	 md5 checksums:

	

		2deab6d340bb3790104fa0cb8ae36e6c	erg711871.pkg.Z

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH