SA-1997.20.txt
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.20: Vulnerability in traceroute
Caldera Security Advisory SA-1997.20
Original report date: 20-Aug-1997
RPM build date: 03-Sep-1997
Advisory issue date: 22-Sep-1997
Topic: Vulnerability in traceroute package
I. Problem Description
The traceroute command had a buffer overflow problem with
various security-related exploit possibilities. Details and
specifics of the exploit possibilities have not been disclosed
for general public knowledge.
II. Impact
Versions of the traceroute package prior to release 1.4a5-3, as
distributed on the following OpenLinux releases, are vulnerable:
CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1
The new traceroute has been found to function properly on all of
the distributions shown above.
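The version threshold above can be checked across hosts with the following added example, which is not part of the Caldera advisory. It assumes each input line is a host name followed by that host's `rpm -q traceroute` output; the host names and sample lines are constructed, and the comparison is a simplified model of RPM's version ordering.

```python
import re

# Fixed version and release, taken from the advisory text (1.4a5-3).
FIXED_VERSION, FIXED_RELEASE = "1.4a5", "3"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def vercmp(a, b):
    """Compare two version strings; return -1, 0 or 1.

    Simplified model of RPM's segment-wise comparison: runs of digits and
    runs of letters are compared pairwise, separators are ignored, and
    epochs and the '~' / '^' markers are not handled.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric segments compare as numbers
        elif x.isdigit():
            return 1                # a numeric segment is newer than a letter one
        elif y.isdigit():
            return -1
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_affected(nvr):
    """True if a 'name-version-release' string is older than the fixed package."""
    _name, version, release = nvr.strip().rsplit("-", 2)
    order = vercmp(version, FIXED_VERSION)
    return order < 0 or (order == 0 and vercmp(release, FIXED_RELEASE) < 0)


def audit(lines):
    """Map each host to 'affected', 'fixed' or 'not installed'."""
    report = {}
    for line in lines:
        host, answer = line.split(None, 1)
        if "not installed" in answer:
            report[host] = "not installed"
        else:
            report[host] = "affected" if is_affected(answer) else "fixed"
    return report


# Constructed sample input: "<host> <output of rpm -q traceroute>".
SAMPLE = ["host-a traceroute-1.4a5-2", "host-b traceroute-1.4a5-3",
          "host-c traceroute-1.4a4-9", "host-d package traceroute is not installed"]
```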
III. Solution
Install the new traceroute-1.4a5-3 package, as described below.
Both source and binary packages are located on Caldera's FTP
server (ftp.caldera.com):
Binary files can be obtained at:
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/RPMS
Source files can be obtained at:
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/SRPMS
To install the update on COL Base 1.0 or any OpenLinux 1.1 release,
use the following commands:
rpm -e traceroute
rpm -i RPMS/traceroute-1.4a5-3.i386.rpm
The CND version of this RPM can be obtained at:
ftp://ftp.caldera.com/pub/cnd-1.0/updates
To install the update on CND 1.0, use the following command:
rpm --force -i RPMS/cnd10_traceroute-1.4a5-3.i386.rpm
The source for the CND 1.0 version is the same as for the other
releases.
Note:
If you are running CND 1.0, you must first obtain and properly
install rpm-upgrade-0.9-1.i386.rpm. This will allow you to
use RPMs built for the OpenLinux releases. This rpm upgrade can
be found at ftp.caldera.com under "/pub/cnd-1.0/updates".
IV. References / Credits
This update fixes Caldera's internal problem report #886.
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
V. PGP Signature
This message was signed with the PGP key for <security@caldera.com>.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.20,v 1.1 1997/09/22 22:39:30 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNCbz1un+9R4958LpAQHefgP/UR/J7eHBVQZeN3zkFZ1OiLo7A2+UP+jt
QYA/kgQ8Rl1TKN0RgoDTOXlETnjTyyjKEsmiI/FNHAEQiknqjjtqWCgkIj2i60qT
yFwg/5kzAcHGsIMGqAHHY36DjanwfnXyU+A9J7+QVlFHyvPmXGR7eVz1LgVNi0Us
jxrQuxmz/2E=
=yTga
-----END PGP SIGNATURE-----