![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
Date: Fri, 2 Mar 2001 11:58:48 -0700
From: Caldera Support Info <sup-info@locutus4.calderasystems.com>
To: announce@lists.calderasystems.com, bugtraq@securityfocus.com,
Subject: Security Update: buffer overflow in /bin/mail CSSA-2001-010.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: buffer overflow in /bin/mail
Advisory number: CSSA-2001-010.0
Issue date: 2001 March, 3
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a buffer overflow in /bin/mail which allows a local
attacker to read, modify and delete mails of other users on the
system.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
mailx-8.1.1-12OL
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder mailx-8.1.1-12
OpenLinux eDesktop 2.4 All packages previous to
mailx-8.1.1-12
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
abc1ee0ce4d52ba1dd7059167af66cdc RPMS/mailx-8.1.1-12OL.i386.rpm
d88d071f083e7548837fb07aaf3e431d SRPMS/mailx-8.1.1-12OL.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv mailx*.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
eb76e3238d1832ce648c8fe8abcdeb53 RPMS/mailx-8.1.1-12.i386.rpm
6e0e4ae06009c54bee2385353b4d3d5c SRPMS/mailx-8.1.1-12.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh mailx*i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
f99f489b3e748147d8ccfa9377158b55 RPMS/mailx-8.1.1-12.i386.rpm
6e0e4ae06009c54bee2385353b4d3d5c SRPMS/mailx-8.1.1-12.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh mailx*i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 9327.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6n6cK18sy83A/qfwRAvfXAJsF1bdKbW4TqKNvpxb94GUZaKa9zACgvrpK
8x+YlIW94nAw664llDguces=RrQ/
-----END PGP SIGNATURE-----
�