Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Tue, 28 Aug 2001 10:14:23 -0700
From: sco-security@caldera.com
To: bugtraq@securityfocus.com, security-announce@lists.securityportal.com,
Subject: Security Update: [CSSA-2001-SCO.15] Open Unix: lpsystem buffer overflow

--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com an=
nounce@lists.caldera.com=20

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open Unix: lpsystem buffer overflow
Advisory number: 	CSSA-2001-SCO.15
Issue date: 		2001 August 28
Cross reference:
___________________________________________________________________________



1. Problem Description
=09
	A long argument to /usr/sbin/lpsystem can cause lpsystem to
	have a segmentation violation. This might be used by an
	unauthorized user to gain privilege.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	Open Unix		8.0.0		/usr/sbin/lpsystem


3. Workaround

	None.


4. Open Unix

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/openunix/sr847408/


  4.2 Verification

	md5 checksums:

	f2048bf92f7a55e13d2c3fb1ae8670d4	erg711789a.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711789a.Z
	# pkgadd -d /tmp/erg711789a


5. References

	http://www.calderasystems.com/support/security/


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7.Acknowledgements

	Caldera International wishes to thank KF <dotslash@snosoft.com>
	for discovering and reporting this problem.
	=20
___________________________________________________________________________

--J/dobhs11T7y2rNN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjuL0W8ACgkQaqoBO7ipriFANgCfRiT8g+hsU4X7Xzb4CTInPsPg
/SgAnj5MqzU3C2SxzykMzia9v2RAv3+6
=yjHZ
-----END PGP SIGNATURE-----

--J/dobhs11T7y2rNN--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Партнёры:

Хостинг: