-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.20: Vulnerability in traceroute

Caldera Security Advisory SA-1997.20

Original report date:  20-Aug-1997
RPM build date:        03-Sep-1997
Advisory issue date:   22-Sep-1997

Topic: Vulnerability in traceroute package

I. Problem Description

  The traceroute command had a buffer overflow problem that had 
  the various security related exploit possibilities. Details and
  specifics of the exploit possibilities have not been disclosed
  for general public knowledge.

II. Impact

  The traceroute package prior to release 1.4a5-3 distributed on
  the following OpenLinux releases are vulnerable:

    CND 1.0
    Base 1.0
    Lite 1.1
    Base 1.1
    Standard 1.1

  This new traceroutes has been found to function properly on all of
  the distributions shown above.

III. Solution

  Install the new traceroute-1.4a5-3 package, as described below.

  Both source and binary packages are located on Caldera's FTP
  server (ftp.caldera.com):

  Binary files can be obtained at:
  ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS

  Source files can be obtained at:
  ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS

  To install the update on COL Base 1.0 or any OpenLinux 1.1 release
  use the following commands:
    rpm -e traceroute
    rpm -i RPMS/traceroute-1.4a5-3.i386.rpm

  The CND version of this RPM can be obtained at:
  ftp://ftp.caldera.com/pub/cnd-1.0/updates

  To install the update on CND 1.0 use the following command:
    rpm --force -i RPMS/cnd10_traceroute-1.4a5-3.i386.rpm

  The source for the CND 1.0 version is the same as for the other
  releases.

  Note:
  If you are running on CND 1.0 you must first obtain and properly
  install the rpm-upgrade-0.9-1.i386.rpm. This will allow you to
  use rpm's built for the OpenLinux releases. This rpm upgrade can
  be found at ftp.caldera.com under "/pub/cnd-1.0/updates".


IV. References / Credits

  This update fixes Caldera's internal problem report #886.

  This and other Caldera security resources are located at:

    http://www.caldera.com/tech-ref/security/

V. PGP Signature

  This message was signed with the PGP key for <security@caldera.com>.

  This key can be obtained from:
    ftp://ftp.caldera.com/pub/pgp-keys/

  Or on an OpenLinux CDROM under:
    /OpenLinux/pgp-keys/

  $Id: SA-1997.20,v 1.1 1997/09/22 22:39:30 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNCbz1un+9R4958LpAQHefgP/UR/J7eHBVQZeN3zkFZ1OiLo7A2+UP+jt
QYA/kgQ8Rl1TKN0RgoDTOXlETnjTyyjKEsmiI/FNHAEQiknqjjtqWCgkIj2i60qT
yFwg/5kzAcHGsIMGqAHHY36DjanwfnXyU+A9J7+QVlFHyvPmXGR7eVz1LgVNi0Us
jxrQuxmz/2E=
=yTga
-----END PGP SIGNATURE-----