SA-1997.23.txt
b56d1d8fa772a90f180e4d99a258ce03654498f15055c54f8140b16e875f0e80
-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.23: Update on rdist vulnerability
Caldera Security Advisory SA-1997.23
RPM build date: N/A
Advisory issue date: 29-Sep-1997
Topic: Update on rdist vulnerability
I. Problem Description
CERT Advisory CA-97.23 describes a vulnerability with the "rdist"
program that is available on many Unix systems. This problem
allows users to gain root privileges. The rdist program must
be installed with set-user-id root for this vulnerability to
exist.
II. Impact
On vulnerable systems (AIX, Solaris, etc), normal users have the
ability to gain root access on a local host.
III. Solution
Neither Caldera Network Desktop or Caldera OpenLinux ship rdist
set-user-id root and are thus NOT vulnerable. This advisory
is being made available simply to inform Caldera users that
this vulnerability does NOT exist on Caldera systems.
IV. References / Credits
The original CERT advisory on this subject can be found at:
ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
V. PGP Signature
This message was signed with the PGP key for <security@caldera.com>.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/
$Id: SA-1997.23,v 1.1 1997/09/29 22:40:14 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNDAubun+9R4958LpAQHqPAQAiSsvyt7Xp+CDG9FINrbPzTbgJKzVvkWe
DMcXvI6powX7QhkAkamoHD8fTFQkec9NkPkJoQ17BktSU1aDv5VSNbSIo7/wGjUP
fmCfiF+yxcj/ORXZeKM10qkwABmuWJa15r8g52Lv7D5z90UolBS6L4FmX0fbZOZn
xw53uRkhyDc=
=S4V5
-----END PGP SIGNATURE-----