-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.02: Vulnerability in routed

Original report date:  08-Jan-1998
RPM build date:    08-Jan-1998
Advisory issue date:  13-Jan-1998

Topic: Vulnerability in routed package


I. Problem Description

  A vulnerability exists within routed which will allow an
  attacker to turn on debug mode and specify a file to open
  for appending data.


II. Impact

  The attacker can append data to any file on the system if the
  router daemon "routed" is running.  Caldera installations are
  set up by default so they do not run routed, however we recommend
  that all Caldera users update now even if they are not currently
  starting routed.

  This problem was present on the following OpenLinux releases:

    CND 1.0
    Base 1.0
    Lite 1.1
    Base 1.1
    Standard 1.1
  

III. Solution

  Install the new netkit-routed package that contains the fixed
  routed daemon.  The binary RPM package is located on Caldera's
  FTP server (ftp.caldera.com):

  /pub/openlinux/updates/1.1/current/RPMS/netkit-routed-0.10-2.i386.rpm

  Source code in an RPM format can also be obtained from:

  /pub/openlinux/updates/1.1/current/SRPMS/netkit-routed-0.10-2.src.rpm
  
  To install the new package execute (as root) the following command:

    rpm -U routed-0.10-2.i386.rpm
  
  The MD5 checksums (from the "md5sum" command) for these packages
  are:

  e215ee673427f0526110be3f14af4585  netkit-routed-0.10-2.i386.rpm
  0186e22b95375835531f1cb39ee8a64a  netkit-routed-0.10-2.src.rpm


IV. References

  This and other Caldera security resources are located at:

    http://www.caldera.com/tech-ref/security/

  This security advisory report is based on the posting to the
  Bugtraq email list:

  From:           (Aleph One) aleph1@DFW.NET
  To:             BUGTRAQ@NETSPACE.ORG
  Subject:        riptrace.c
  Date:           Thu, 8 Jan 1998 15:19:03 -0600
  Message-ID:     Pine.SUN.3.94.980108151813.18345G-100000@dfw.dfw.net

  http://www.netspace.org/cgi-bin/wa?A1=ind9801b&L=bugtraq#26

  This update closes Caldera internal problem report #1545.


V. PGP Signature

  This message was signed with the PGP key for security@caldera.com.

  This key can be obtained from:
    ftp://ftp.caldera.com/pub/pgp-keys/

  Or on an OpenLinux CDROM under:
    /OpenLinux/pgp-keys/

  $Id: SA-1998.02,v 1.3 1998/01/14 05:40:39 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNLxP+On+9R4958LpAQHzowQAlEZ5gT4mj89r8W+zLrqiOWpzfxd3wqS1
BwhMklRAeJdiEJpynGa/InHDfkLJXZpVTQAbJeX7Yr1eKNoQNhLDFwiXV/ksP2xI
MPEe861ewd6q72FUz1IJ878ANe3G6QzoiiL1pbSTTe6flg4eHiuFSoZ4UYvlWE5S
voXX1kcaR+o=
=6Z1b
-----END PGP SIGNATURE-----