SA-1997.06.txt
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.06: Vulnerability in elm package
Caldera Security Advisory SA-1997.06
Original issue date: 6-July-1997
Last revised: 6-July-1997
Topic: Vulnerability in elm
I. Problem Description
A vulnerability exists within the elm mail reader that will allow
unprivileged users on systems to read, delete, and modify other
users' email.
This is also known as the "termname-overflow" bug.
II. Impact
On systems such as Caldera OpenLinux 1.0 and 1.1, an unprivileged
user can modify other users' email.
III. Solution
Obtain the new elm-2.4.25-5.i386.rpm and elm-doc-2.4.25-5.i386.rpm
files and install them according to the instructions found in the README
file, which is one directory up from the actual rpm files.
These packages are located on Caldera's FTP server (ftp.caldera.com):
/pub/openlinux/updates/1.0/current/RPMS
/pub/openlinux/updates/1.1/current/RPMS (Both are the same)
The MD5 checksums (from the "md5sum" command) for these packages are:
44f6f7aa0426e205447c860b4fa0ff46 elm-2.4.25-5.i386.rpm
f35d83b4340faccdcee47da751417e86 elm-doc-2.4.25-5.i386.rpm
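One way to check the downloaded packages against the checksums above before installing, as an added example that is not part of the Caldera advisory. The function name verify_packages, its arguments and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. The two checksums are copied from
# section III; they are only as trustworthy as the advisory text itself,
# so check the advisory's PGP signature before relying on them.
ADVISORY_SUMS='44f6f7aa0426e205447c860b4fa0ff46  elm-2.4.25-5.i386.rpm
f35d83b4340faccdcee47da751417e86  elm-doc-2.4.25-5.i386.rpm'

# verify_packages DIR [MANIFEST]   (hypothetical helper)
# MANIFEST holds "md5  filename" lines and defaults to ADVISORY_SUMS.
# Returns 0 only if every listed file exists in DIR and its MD5 matches;
# a missing file, a mismatch or a path in the manifest returns 1.
verify_packages() {
    dir=$1
    manifest=${2:-$ADVISORY_SUMS}
    status=0
    while read -r want name; do
        [ -n "$want" ] || continue
        case $name in
            */*)
                # Only bare file names are accepted, so a manifest line
                # cannot point the check at a file outside DIR.
                echo "REJECT  $name (path separator in manifest)" >&2
                status=1
                continue
                ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2
            status=1
            continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name (expected $want, got $got)" >&2
            status=1
        fi
    done <<EOF
$manifest
EOF
    return $status
}

# Usage: run verify_packages on the download directory and continue with
# the README's install steps only if it returns 0.
```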
Please follow the instructions from the README file precisely to
update any older version of elm that may be on your system:
IV. References / Credits
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This advisory is based on a message to linux-security:
Subject: [linux-security] Security hole in Elm...
Message-ID: <Pine.LNX.3.95L01at.970514162056.12656A-100000@venus.wis.pk.edu.pl>
Credits to:
Marcin Bohosiewicz <marcus@venus.wis.pk.edu.pl>
ftp://venus.wis.pk.edu.pl/pub/RPMS/elm-2.4.25-8.i386.rpm
ftp://venus.wis.pk.edu.pl/pub/SRPMS/elm-2.4.25-8.src.rpm
LST / Raymund Will <ray@lst.de>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBM8A1DOn+9R4958LpAQEUrgP/cinP6XjKlCnajAEs/D60GUpwV+0ZMbut
SluunhivDw4v7ir3mXlgaHwxYY3avs4bcAvjWscZGk/1/TcN99xdeIOfOnxNvdqf
nmPCv+RE5Q02Fiy4HTTv/AM39iGL/p3OcGwd92YD9RsaWYGH+cb5USBRaR/rLVnF
J7eb4UnccJ0=
=SbiR
-----END PGP SIGNATURE-----