Bugtraqmailing list archives

By Date

By Thread

Security Update: [CSSA-2002-SCO.19] OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflow

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca______________________________________________________________________________                Caldera International, Inc.  Security AdvisorySubject:                OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflowAdvisory number:        CSSA-2002-SCO.19Issue date:             2002 May 20Cross reference:______________________________________________________________________________1. Problem Description        A buffer overflow vulnerability has been discovered in        /etc/yppasswdd which may be exploited by a local or a remote        attacker to gain root access on the NIS master server system.2. Vulnerable Supported Versions        System                          Binaries        ----------------------------------------------------------------------        OpenServer 5.0.5                /etc/yppasswdd        OpenServer 5.0.6                /etc/yppasswdd3. Solution        The proper solution is to install the latest packages.4. OpenServer 5.0.5        4.1 Location of Fixed Binariesftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.19        4.2 Verification        MD5 (VOL.000.000) = d683b9007da3efc51a9f6f9db7270ec2        md5 is available for download fromftp://stage.caldera.com/pub/security/tools/        4.3 Installing Fixed Binaries        Upgrade the affected binaries with the following commands:        1) Download the VOL* files to the /tmp directory        Run the custom command, specify an install from media images,        and specify the /tmp directory as the location of the images.5. OpenServer 5.0.6        5.1 Location of Fixed Binariesftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.19        5.2 Verification        MD5 (VOL.000.000) = d683b9007da3efc51a9f6f9db7270ec2        md5 is available for download fromftp://stage.caldera.com/pub/security/tools/        5.3 Installing Fixed Binaries        Upgrade the affected binaries with the following commands:        1) Download the VOL* files to the /tmp directory        Run the custom command, specify an install from media images,        and specify the /tmp directory as the location of the images.6. References        Specific references for this advisory:http://www.kb.cert.org/vuls/id/327281        Caldera UNIX security resources:http://stage.caldera.com/support/security/        Caldera OpenLinux security resources:http://www.caldera.com/support/security/index.html        This security fix closes Caldera incidents sr854485,        SCO-559-1316, and erg711875 .7. Disclaimer        Caldera International, Inc. is not responsible for the        misuse of any of the information we provide on this website        and/or through our security advisories. Our advisories are        a service to our customers intended to promote secure        installation and use of Caldera products.______________________________________________________________________________

Attachment:_bin
Description:

By Date

By Thread

Current thread:

• Security Update: [CSSA-2002-SCO.19] OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflowsecurity (May 21)