 
From: sco-security@caldera.com
Date: Thu Jul 26 2001 - 12:48:07 CDT


    To: announce@lists.caldera.com bugtraq@securityfocus.com security-announce@lists.securityportal.com

    ___________________________________________________________________________

                Caldera International, Inc. Security Advisory

    Subject: OpenServer: /etc/popper buffer overflow
    Advisory number: CSSA-2001-SCO.8
    Issue date: 2001 July 26
    Cross reference:
    ___________________________________________________________________________

    1. Problem Description
            
            The popper daemon /etc/popper was subject to a buffer overflow
            that could be used by a malicious user.

    2. Vulnerable Versions

            Operating System    Version      Affected Files
            ------------------------------------------------------------------
            OpenServer          <= 5.0.6a    /etc/popper

    3. Workaround

            None.

    4. OpenServer

      4.1 Location of Fixed Binaries

            ftp://ftp.sco.com/pub/security/openserver/sr848324/

      4.2 Verification

            md5 checksums:
            
            8795253219fbcbba3027f0c37f6a884e popper.Z

            md5 is available for download from

                    ftp://ftp.sco.com/pub/security/tools/

      4.3 Installing Fixed Binaries

            Upgrade the affected binaries with the following commands:

            # uncompress /tmp/popper.Z
            # mv /etc/popper /etc/popper.old
            # cp /tmp/popper /etc
            # chown bin /etc/popper
            # chgrp bin /etc/popper
            # chmod 755 /etc/popper
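
A fail-closed version of the steps in sections 4.2 and 4.3, added here as an example and not part of Caldera's advisory: it checks popper.Z against the published MD5 and runs the install commands only on a match. The function names, the `install` argument and the use of md5sum or openssl in place of the md5 tool from the SCO FTP site are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the advisory: gate the section 4.3 install
# steps on the section 4.2 checksum.
EXPECTED_MD5=8795253219fbcbba3027f0c37f6a884e   # popper.Z, from the advisory

# Print the MD5 hex digest of a file with whichever tool is present.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 "$1" | awk '{print $NF}'
    else
        echo "no md5sum or openssl found" >&2
        return 2
    fi
}

# Return 0 only when the file exists and its digest equals the expected
# value (hex case is ignored); 1 on mismatch, 2 when it cannot be checked.
verify_md5() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    got=$(md5_of "$file") || return 2
    got=$(printf '%s' "$got" | tr 'A-F' 'a-f')
    [ -n "$got" ] || return 2
    [ "$got" = "$want" ] && return 0
    echo "MD5 mismatch for $file: got $got, expected $want" >&2
    return 1
}

# The advisory's install commands, run only after the archive verifies.
# The archive path argument is this example's addition (default /tmp/popper.Z).
install_popper() {
    archive=${1:-/tmp/popper.Z}
    verify_md5 "$archive" "$EXPECTED_MD5" || return 1
    uncompress "$archive" &&
    mv /etc/popper /etc/popper.old &&
    cp "${archive%.Z}" /etc/popper &&
    chown bin /etc/popper &&
    chgrp bin /etc/popper &&
    chmod 755 /etc/popper
}

# Run as: sh install-popper.sh install [/path/to/popper.Z]
if [ "${1:-}" = "install" ]; then
    install_popper "${2:-/tmp/popper.Z}"
fi
```

Because the original /etc/popper is kept as /etc/popper.old, the previous binary remains available for comparison or rollback after the replacement.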

    5. References

            http://www.calderasystems.com/support/security/index.html

    6. Disclaimer

            Caldera International, Inc. is not responsible for the misuse
            of any of the information we provide on our website and/or
            through our security advisories. Our advisories are a service
            to our customers intended to promote secure installation and
            use of Caldera International products.

    7. Acknowledgements

            Caldera International wishes to thank Gustavo Viscaino for
            originally finding the problem, Michael Brennen
            <mbrennen@fni.com> for forwarding the problem report from the
            qpopper list, and the folks at Qualcomm for fixing the
            problem.
             
    ___________________________________________________________________________
