Computer Security

Security Advisory: Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  SCO uidadmin buffer overflow

  iDEFENSE Security Advisory 12.12.05: SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability

From:CALDERA
Date:28.08.2001
Subject:Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com
announce@lists.caldera.com

___________________________________________________________________________

           Caldera International, Inc. Security Advisory

Subject:                Open Unix, UnixWare: uidadmin buffer overflow
Advisory number:        CSSA-2001-SCO.14
Issue date:             2001 August 23
Cross reference:
___________________________________________________________________________



1. Problem Description
       
       A very long argument to the uidadmin "-S" (scheme) argument
       causes uidadmin to core dump. This might be exploited by an
       unauthorized user to gain privilege.


2. Vulnerable Versions

       Operating System        Version         Affected Files
       ------------------------------------------------------------------
       UnixWare 7              All             /usr/bin/uidadmin
       Open Unix               8.0.0           /usr/bin/uidadmin


3. Workaround

       None.


4. UnixWare 7, Open Unix

 4.1 Location of Fixed Binaries

       ftp://ftp.sco.com/pub/security/openunix/sr847563/


 4.2 Verification

       md5 checksums:
       
       6778640ca80a88ed3af993adbe839bfb        erg711722a.Z


       md5 is available for download from

               ftp://ftp.sco.com/pub/security/tools/


 4.3 Installing Fixed Binaries

       Upgrade the affected binaries with the following commands:

       # uncompress /tmp/erg711722a.Z
       # pkgadd -d /tmp/erg711722a


5. References

       http://www.calderasystems.com/support/security/index.html


6. Disclaimer

       Caldera International, Inc. is not responsible for the misuse
       of any of the information we provide on our website and/or
       through our security advisories. Our advisories are a service
       to our customers intended to promote secure installation and
       use of Caldera International products.

___________________________________________________________________________
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru