-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.23: Update on rdist vulnerability

Caldera Security Advisory SA-1997.23

RPM build date:        N/A
Advisory issue date:   29-Sep-1997

Topic: Update on rdist vulnerability

I. Problem Description

  CERT Advisory CA-97.23 describes a vulnerability with the "rdist"
  program that is available on many Unix systems.  This problem
  allows users to gain root privileges.  The rdist program must
  be installed with set-user-id root for this vulnerability to
  exist.

II. Impact

  On vulnerable systems (AIX, Solaris, etc), normal users have the
  ability to gain root access on a local host.

III. Solution

  Neither Caldera Network Desktop or Caldera OpenLinux ship rdist
  set-user-id root and are thus NOT vulnerable.  This advisory
  is being made available simply to inform Caldera users that
  this vulnerability does NOT exist on Caldera systems.

IV. References / Credits

  The original CERT advisory on this subject can be found at:

    ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist

  This and other Caldera security resources are located at:

    http://www.caldera.com/tech-ref/security/

V. PGP Signature

  This message was signed with the PGP key for <security@caldera.com>.

  This key can be obtained from:
    ftp://ftp.caldera.com/pub/pgp-keys/

  Or on an OpenLinux CDROM under:
    /OpenLinux/pgp-keys/

  $Id: SA-1997.23,v 1.1 1997/09/29 22:40:14 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNDAubun+9R4958LpAQHqPAQAiSsvyt7Xp+CDG9FINrbPzTbgJKzVvkWe
DMcXvI6powX7QhkAkamoHD8fTFQkec9NkPkJoQ17BktSU1aDv5VSNbSIo7/wGjUP
fmCfiF+yxcj/ORXZeKM10qkwABmuWJa15r8g52Lv7D5z90UolBS6L4FmX0fbZOZn
xw53uRkhyDc=
=S4V5
-----END PGP SIGNATURE-----