From: "tigger@caldera.com.8.Aug.101.12":05.PDT@graphics-muse.org
To: announce@lists.caldera.com, bugtraq@securityfocus.com
Subject: Security Update: [CSSA-2001-SCO.10]: OpenServer: /etc/telnetd buffer overflow
Date: Wed, 08 Aug 2001 11:19:54 -0700

To: announce@lists.caldera.com bugtraq@securityfocus.com security-announce@lists.securityportal.com

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:          OpenServer 5.0.5, 5.0.6: telnetd buffer overflow
Advisory number:  CSSA-2001-SCO.10
Issue date:       2001 August 7
Cross reference:
___________________________________________________________________________


1. Problem Description

   The telnet daemon /etc/telnetd is subject to a buffer overflow
   problem that could be used by a malicious user to gain
   unauthorized access to a system.


2. Vulnerable Versions

   Operating System        Version         Affected Files
   ------------------------------------------------------------------
   OpenServer 5            All             /etc/telnetd


3. Workaround

   None.


4. OpenServer

  4.1 Location of Fixed Binaries

      ftp://ftp.sco.com/pub/security/openserver/sr849876/


  4.2 Verification

      md5 checksums:

      a3fead5326b361cc9a94f0376fdf0f10  telnetd.Z
      5e7d80c80b1ac2fcde9fc227f6793881  libresolv.so.1.Z
      a5b4e98ace9c64b2129ca53688a98650  libsocket.so.2.Z

      md5 is available for download from

          ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

      Save the erg711793a.Z compressed tar archive into /tmp, and
      install/upgrade the affected binaries with the following
      commands:

      # cd /tmp
      # uncompress erg711793a.Z
      # tar xvf erg711793a
      # uncompress telnetd
      # mv /etc/telnetd /etc/telnetd.old
      # cp telnetd /etc
      # chown bin:bin /etc/telnetd
      # chmod 711 /etc/telnetd

      In addition, on any pre-5.0.6 system, or on any 5.0.6 system
      without rs506a, execute the following commands:

      # uncompress libsocket.so.2
      # uncompress libresolv.so.1
      # cp libresolv.so.1 /usr/lib
      # cp libsocket.so.2 /usr/lib
      # chown bin:bin /usr/lib/libresolv.so.1
      # chown bin:bin /usr/lib/libsocket.so.2
      # chmod 555 /usr/lib/libresolv.so.1
      # chmod 555 /usr/lib/libsocket.so.2


5. References

   http://www.calderasystems.com/support/security/index.html


6. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on our website and/or through
   our security advisories. Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera International products.


7. Acknowledgements

   Caldera International would like to thank Sebastian
   <scut@nb.in-berlin.de> for his posting on bugtraq, and KF
   <dotslash@snosoft.com> for reporting the problem to us.

___________________________________________________________________________