[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCO] Buffer Overflow in dlvr_audit - CSSA-2002-SCO.8



-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung von Caldera International
Inc. ueber Sicherheitsprobleme bei dlvr_audit. Wir geben diese
Informationen unveraendert an Sie weiter.

Im Programm dlvr_audit befindet sich eine Buffer-Overflow
Schwachstelle, die von einem lokalen Angreifer dazu ausgenutzt werden
kann, sich root-Rechte auf dem betroffenen System zu verschaffen.

Betroffen von dieser Schwachstelle sind SCO OpenServer 5.0.5 und
5.0.6. Version 5.0.6a ist nicht betroffen. Der Hersteller stellt
Patches zur Behebung der Schwachstelle bereit.

Leider wurde dieses Advisory mit einer detached Signature geschickt,
die wir ihnen nicht intakt und ueberpruefbar weiterleiten laesst. Die
Signatur wurde aber von uns ueberprueft und fuer korrekt befunden.

(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.

Mit freundlichen Gruessen,
		Klaus Moeller, DFN-CERT

- -- 
Klaus Moeller          |                      mailto:moeller@xxxxxxxxxxx
DFN-CERT GmbH          |            http://www.cert.dfn.de/team/moeller/
Oberstrasse 14b        |                        Phone: +49(40)808077-555
D-20144 Hamburg        |                          FAX: +49(40)808077-556
Germany	               |         PGP-Key: finger moeller@xxxxxxxxxxxxxxx

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: dlvr_audit: exploitable buffer overflow
Advisory number: 	CSSA-2002-SCO.8
Issue date: 		2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description
=09
	The dlvr_audit command has an exploitable buffer overflow that
	can be used by a malicious user to become root.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		5.0.5, 5.0.6	/etc/auth/dlvr_audit

	This has already been fixed in OpenServer 5.0.6a.

3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp:ftp.caldera.com/pub/openserver5/oss645a


  4.2 Verification

	MD5 (oss645a) =3D ebfbb4d2931fb83e8ccc2390868bb11f

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	***************
	IMPORTANT NOTE:
=09
	You MUST first install "SLS OSS640A: BIND Update" before
	attempting to install this SLS.  SLS OSS640A installs files
	that are necessary for OSS645A (this SLS) to function
	properly.

	***************

	1. Download the OSS645A media image file
	   (ftp.caldera.com/pub/openserver5/oss645a), place the file
	   in the /tmp directory and rename the file by typing these
	   commands:

	      mv /tmp/oss645a /tmp/VOL.000.000

	2. Run the Software Manager with the command:

	      # scoadmin software

	   or double-click on the Software Manager icon in the
	   desktop.

	3. Pull down the "Software" menu and select "Install New".

	4. When prompted for the host from which to install, choose
	   the local machine and then "Continue".

	5. In the "Select Media" menu, pull down the "Media Device"
	   menu.  Select "Media Images", then choose "Continue".

	6. When prompted for the "Image Directory", enter "/tmp" (or
	   the directory where you placed the VOL file in step 1) and
	   choose "OK".

	7. When prompted to select software to install, make sure that
	   the "OSS645A: Audit Subsystem Security Supplement" entry is
	   highlighted.  Choose "Install".

	8. Installation of SLS OSS645A is now complete.  To exit the
	   Software Manager, select "Exit" from the "Host" menu.


5. References

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	erg377672, SCO-247-295.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Tomasz
	Kusmeirz.
	=20
___________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQEVAwUBPI9pQ4rEggYLt8j5AQFMOgf/WU0pBx1XMc3EGO+f59ZsbijD5QaBgwFG
7ZokrdDbBq3ziulXmoyB6cktSy/niBaa+zSeHzh99dVdpWrxvjp02sf5D2vhpvNb
TPj+e4ERpgFCT82agW3C0PyzTDa+1eHy/ROzb8mtwE/DC7R4AUHxqDwwgF5EHON8
cnKj738wPlk384/XJSbOoKlcI/6zmCEIz/LYq0Sy3+klwrNaX8ILlxBmcpYJK4XD
8CIUBqHr4YOXYYQCD6pm2qLz1TQvPFuJqgc/JsL1XADUgotsVrEHZ7nGf8LrpbDX
IJth0khPBc/cWFTOruiGW1bB33bTUe9CYk26IKHNQDWgeRYtbiNI0g==
=J7d8
-----END PGP SIGNATURE-----