-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.21: Vulnerability in "man" command

Caldera Security Advisory SA-1997.21

RPM build date:		27-Aug-1997
Advisory issue date:	26-Sep-1997
Last updated:		27-Nov-1997

Topic: Vulnerability in the "man" command

I. Problem Description

	A problem exists within the man and man_db packages where setgid
	privileges are not properly revoked.  The problem is worse on systems
	that have man-page directories with improper permissions.

II. Impact

	On systems such as Caldera OpenLinux 1.1, an unprivileged user can
	corrupt man pages to allow any user to gain additional privileges.

	This problem was present on the following OpenLinux releases:

		CND 1.0
		Base 1.0
		Lite 1.1
		Base 1.1
		Standard 1.1

	To determine if you are affected and need this update you may do
	the following:

		rpm -qv man_db

	If the results show man_db-2.3.10-2 or earlier then you will need to
	update (remove the man_db RPM and install the new man RPM).

III. Solution

	The proper solution is to install the new man package that contains
	the fixed versions of the man pager.  It is located on Caldera's
	FTP server (ftp.caldera.com):

	/pub/openlinux/updates/1.1/current/RPMS/ for the binaries.
	/pub/openlinux/updates/1.1/current/SRPMS/ for the sources.

	Note: If you are running on CND 1.0 you must first obtain
	and properly install the rpm-upgrade-0.9-1.i386.rpm. This will
	allow you to use rpms built for the OpenLinux releases. This rpm
	upgrade can be found at ftp.caldera.com under /pub/cnd-1.0/updates.

	Installation of the new man pager is as follows:

		1) Close all man pages that you may have running.
		2) rpm -e man_db
		3) rpm -i RPMS/man-1.4i-1.i386.rpm
		4) Update /etc/crontab (see below)
		5) Open a man page to verify that it works. (ie. man man)

	The MD5 checksum (from the "md5sum" command) for this package is:

	f63fafaa832c3cb62f897dcc658ff5e6  RPMS/man-1.4i-1.i386.rpm
	0fde11d4d42e08626de2565624424de8  SRPMS/man-1.4i-1.src.rpm

	The file /etc/crontab needs to have the reference to the "mandb"
	command removed.  The standard /etc/crontab file has the following
	two lines:

		# Make the man databases
		21 03 * * 1 root /usr/bin/mandb -c -q

	Please remove these lines as part as implementing this Security
	Advisory.  The following script will remove these lines:

		#!/bin/bash
		grep -v -e '# Make the man databases' \
		      -e '/usr/bin/mandb -c' /etc/crontab > /tmp/crontab.new
		mv /etc/crontab.new /etc/crontab

IV. References / Credits

	Andries Brouwer for a fixed man-1.4i package.

	This and other Caldera security resources are located at:

		http://www.caldera.com/tech-ref/security/

V. PGP Signature

	This message was signed with the PGP key for <security@caldera.com>.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1997.21,v 1.2 1997/11/27 19:50:50 ron Exp ron $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNH3Pgen+9R4958LpAQEBXAP/e8a7ko25wbxUvVJJQryn/xujINg11uV9
c5dL5TOmVNA+pcIItuF8PvcRt85VHPDw5pgo0ViD2Q6lKRkXcxR6dJZy9eg6QqP9
dMXAW1fYxYZFGWa1fgDhTQ7ODlfuAWtF9llP1fSA957ReTsV3Wgoavlp0BvFASSR
01B3iId2HrU=
=u+hn
-----END PGP SIGNATURE-----