Caldera Security Advisory CSSA-2002-SCO.17 - A buffer overflow found in how the sar can be used to execute shellcode with elevated privileges on Caldera OpenServer 5.0.5 systems.
b2227264615ef07d201eb3e93c99b69dd64badf1fc46ac112f0c1c6cc2510596
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer 5.0.5 : sar -o buffer overflow
Advisory number: CSSA-2002-SCO.17
Issue date: 2002 May 01
Cross reference:
______________________________________________________________________________
1. Problem Description
If the /usr/bin/sar command is given an exceedingly long
argument to the o option, it will memory fault. This could
allow a malicious user to elevate their permissions.
2. Vulnerable Supported Versions
System Binary
----------------------------------------------------------------------
OpenServer 5.0.5 /usr/bin/sar
/usr/lib/sa/sadc
/usr/bin/cpusar
/usr/bin/mpsar
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.5
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17
4.2 Verification
MD5 (VOL.000.000) = f912fe801263863956c257c4ef395570
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
1) Download the VOL* files to the /tmp directory
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
5. References
Specific references for this advisory:
none
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr862424, fz520480,
erg712003.
6. Disclaimer
Caldera International, Inc. is not responsible for the
misuse of any of the information we provide on this website
and/or through our security advisories. Our advisories are
a service to our customers intended to promote secure
installation and use of Caldera products.
7. Acknowledgements
Caldera would like to thank KF <dotslash@snosoft.com> for
discovering this problem, researching it, and alerting us.
And being patient, too.
______________________________________________________________________________