From: sco-securitycaldera.com
Date: Mon Jul 02 2001 - 13:49:58 CDT

    To: bugtraqsecurityfocus.com security-announcelists.securityportal.com announcelists.caldera.com

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: UnixWare: statd buffer overflow
    Advisory number: CSSA-2001-SCO.6
    Issue date: 2001 July 2
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            The nfs daemon /usr/lib/nfs/statd (otherwise known as
            rpc.statd) was subject to a buffer overflow problem with the
            SM_MON request that could be used by a malicious user to gain
            unauthorized access to a system.

    2. Vulnerable Versions

            Operating System    Version    Affected Files
            ------------------------------------------------------------------
            UnixWare 7          All        /usr/lib/nfs/statd

    3. Workaround

            None.

    4. UnixWare 7

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/unixware/sr848098/

      4.2 Verification

            md5 checksums:
            
            1e09711ec683f5f4e1626ef9d7131bd8 erg711747a.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/erg711747a.Z
            # pkgadd -d /tmp/erg711747a

    5. References

            http://www.calderasystems.com/support/security/index.html

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    7. Acknowledgements

            Caldera International wishes to thank Olaf Kirch
            (okircaldera.de) for reporting the problem.
             
    ___________________________________________________________________________
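
Sections 4.2 and 4.3 combined into one script, as an added example that is not part of Caldera's advisory: it refuses to run the install commands unless the downloaded file matches the published MD5. The function names and the choice of md5sum, md5 or openssl as the hashing tool are assumptions; the checksum, file path and install commands are those given above.

```shell
#!/bin/sh
# Added example: gate the package install on the advisory's MD5 value.
ADVISORY_MD5="1e09711ec683f5f4e1626ef9d7131bd8"   # from section 4.2
PKG_Z="/tmp/erg711747a.Z"                          # path used in section 4.3

# Print the lowercase MD5 of a file using whichever tool is present.
# Assumption: md5sum, md5 or openssl is on PATH. The file is fed on stdin
# so its name never appears in the tool's output.
file_md5() {
    for tool in "md5sum" "md5" "openssl md5"; do
        if command -v "${tool%% *}" >/dev/null 2>&1; then
            # Split output on non-hex characters, keep the first 32-char token.
            $tool < "$1" 2>/dev/null | tr -c '0-9a-fA-F' '\n' |
                awk 'length($0) == 32 { print tolower($0); found = 1; exit }
                     END { exit !found }' && return 0
        fi
    done
    return 1
}

# Return 0 only if the file exists and its MD5 equals the expected value.
# Exit codes: 1 mismatch, 2 file missing, 3 no usable MD5 tool.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(file_md5 "$file") || { echo "no MD5 tool found" >&2; return 3; }
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $file: got $actual, want $expected" >&2
        return 1
    fi
}

# Verify first, then run the advisory's two install commands (as root).
install_fix() {
    verify_md5 "$PKG_Z" "$ADVISORY_MD5" || return 1
    uncompress "$PKG_Z" && pkgadd -d "${PKG_Z%.Z}"
}

# Nothing is installed unless explicitly requested.
if [ "${1:-}" = "--install" ]; then
    install_fix
fi
```

The MD5 value travels in the same advisory as the download location, so the check catches a corrupted or mismatched download but is only as trustworthy as the copy of the advisory it was read from.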