-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1997.23: Update on rdist vulnerability Caldera Security Advisory SA-1997.23 RPM build date: N/A Advisory issue date: 29-Sep-1997 Topic: Update on rdist vulnerability I. Problem Description CERT Advisory CA-97.23 describes a vulnerability with the "rdist" program that is available on many Unix systems. This problem allows users to gain root privileges. The rdist program must be installed with set-user-id root for this vulnerability to exist. II. Impact On vulnerable systems (AIX, Solaris, etc), normal users have the ability to gain root access on a local host. III. Solution Neither Caldera Network Desktop or Caldera OpenLinux ship rdist set-user-id root and are thus NOT vulnerable. This advisory is being made available simply to inform Caldera users that this vulnerability does NOT exist on Caldera systems. IV. References / Credits The original CERT advisory on this subject can be found at: ftp://info.cert.org/pub/cert_advisories/CA-97.23.rdist This and other Caldera security resources are located at: http://www.caldera.com/tech-ref/security/ V. PGP Signature This message was signed with the PGP key for . This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ $Id: SA-1997.23,v 1.1 1997/09/29 22:40:14 ron Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNDAubun+9R4958LpAQHqPAQAiSsvyt7Xp+CDG9FINrbPzTbgJKzVvkWe DMcXvI6powX7QhkAkamoHD8fTFQkec9NkPkJoQ17BktSU1aDv5VSNbSIo7/wGjUP fmCfiF+yxcj/ORXZeKM10qkwABmuWJa15r8g52Lv7D5z90UolBS6L4FmX0fbZOZn xw53uRkhyDc= =S4V5 -----END PGP SIGNATURE-----