![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: Andrew Sharpe <asharpe@sco.COM>
To: bugtraq@securityfocus.com
Subject: Caldera Systems security advisory: libcurses, atcronsh, rtpm
Date: Fri, 22 Jun 2001 10:41:21 -0700
___________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: curses library, rtpm, atcronsh
Advisory number: CSSA-2001-SCO.1
Issue date: 2001 June, 22
Cross reference:
_____________________________________________________________________________
1. Problem Description
A buffer overrun vulnerability has been found in the curses
library. A malicious user could attack a set{uid,gid} command
that uses this library to gain privileges.
One such command that is shipped with OpenServer is
/usr/lib/sysadm/atcronsh.
One such command that is shipped with UnixWare 7 is
/usr/sbin/rtpm.
In addition, the curses library is shipped only as a static
library, so an application would need to be re-linked with
this new library to take advantage of the fix.
2. Vulnerable Versions
Operating System Version Affected Files
----------------------------------------------------------------
UnixWare 7 All /usr/sbin/rtpm
/usr/ccs/lib/libcurses.a
OpenServer <= 5.0.6a /usr/lib/sysadm/atcronsh
/usr/lib/libcurses.a
3. Workaround
For rtpm:
# chmod g-s /usr/sbin/rtpm
For atcronsh:
# chmod g-s /usr/lib/sysadm/atcronsh
Otherwise, none.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/unixware/sr848806/
4.2 Verification
md5 checksums:
ae2bc5b813dad2c729fb3593b59fd62a libcurses.a.Z
990d9216ed368f2939596104c60bd27b rtpm.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Backup the existing /usr/ccs/lib/libcurses.a, and replace it
with the provided libcurses.a binary. Ensure that the new
libcurses.a has bin/bin/0444 permissions.
Backup the existing /usr/sbin/rtpm and replace it with the
provided rtpm binary. Ensure that the new rtpm has
bin/sys/02555 permissions.
5. OpenServer
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/security/openserver/sr848771/
libcurses.a is not yet available; expect it within a week of
this advisory.
4.2 Verification
md5 checksums:
bf1ce0570284a1e12256ebac0174f6d4 atcronsh.Z
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools/
4.3 Installing Fixed Binaries
Backup the existing /usr/lib/sysadm/atcronsh and replace it
with the provided atcronsh binary. Ensure that the new
atcronsh has bin/cron/02111 permissions.
Backup the existing /usr/lib/libcurses.a, and replace it
with the provided libcurses.a binary. Ensure that the new
libcurses.a has bin/bin/0644 permissions.
6. References
Caldera security resources are located at the following url:
http://www.calderasystems.com/support/security/index.html
7. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera OpenLinux.
8. Acknowledgements
Caldera wishes to thank Aycan Irican <aycan@mars.prosoft.com.tr>
for spotting the UnixWare problem.
Caldera wishes to thank KF <dotslash@snosoft.com> for spotting
the OpenServer problem.
_____________________________________________________________________________