CSSA-2002-SCO.17.txt

CSSA-2002-SCO.17.txt: Posted May 7, 2002; Authored by Kevin Finisterre, Caldera | Site stage.caldera.com; Caldera Security Advisory CSSA-2002-SCO.17 - A buffer overflow found in how the sar can be used to execute shellcode with elevated privileges on Caldera OpenServer 5.0.5 systems.; tags | overflow, shellcode; SHA-256 | b2227264615ef07d201eb3e93c99b69dd64badf1fc46ac112f0c1c6cc2510596; Download | Favorite | View

CSSA-2002-SCO.17.txt


______________________________________________________________________________

    Caldera International, Inc.  Security Advisory

Subject:    OpenServer 5.0.5 : sar -o buffer overflow
Advisory number:   CSSA-2002-SCO.17
Issue date:     2002 May 01
Cross reference:
______________________________________________________________________________


1. Problem Description

  If the /usr/bin/sar command is given an exceedingly long
  argument to the o option, it will memory fault. This could
  allow a malicious user to elevate their permissions.


2. Vulnerable Supported Versions

  System        Binary
  ----------------------------------------------------------------------
  OpenServer 5.0.5    /usr/bin/sar
          /usr/lib/sa/sadc
          /usr/bin/cpusar
          /usr/bin/mpsar

3. Solution

  The proper solution is to install the latest packages.


4. OpenServer 5.0.5

  4.1 Location of Fixed Binaries

  ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17


  4.2 Verification

  MD5 (VOL.000.000) = f912fe801263863956c257c4ef395570

  md5 is available for download from
    ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

  Upgrade the affected binaries with the following commands:

  1) Download the VOL* files to the /tmp directory

  Run the custom command, specify an install from media images,
  and specify the /tmp directory as the location of the images.


5. References

  Specific references for this advisory:
    none

  Caldera UNIX security resources:
    http://stage.caldera.com/support/security/

  Caldera OpenLinux security resources:
    http://www.caldera.com/support/security/index.html

  This security fix closes Caldera incidents sr862424, fz520480,
  erg712003.


6. Disclaimer

  Caldera International, Inc. is not responsible for the
  misuse of any of the information we provide on this website
  and/or through our security advisories. Our advisories are
  a service to our customers intended to promote secure
  installation and use of Caldera products.


7. Acknowledgements

  Caldera would like to thank KF <dotslash@snosoft.com> for
  discovering this problem, researching it, and alerting us.
  And being patient, too.

______________________________________________________________________________

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

CSSA-2002-SCO.17.txt

CSSA-2002-SCO.17.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CSSA-2002-SCO.17.txt

Share This

CSSA-2002-SCO.17.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems