SCO Information for VU#569272

System V derived login contains a remotely exploitable buffer overflow

Status

Affected

Vendor Statement

___________________________________________________________________________

Caldera International, Inc. Security Advisory

Subject: OpenServer: /bin/login and /etc/getty argument buffer overflow
Advisory number: CSSA-2001-SCO.40
Issue date: 2001 December 14
Cross reference:
___________________________________________________________________________


1. Problem Description

A remotely exploitable buffer overflow exists in /bin/login
and /etc/getty. Attackers can exploit this vulnerability to
gain root access to the server.


2. Vulnerable Versions

Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <= 5.0.6a /bin/login
/etc/getty


3. Workaround

None.


4. OpenServer

4.1 Location of Fixed Binaries

ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/

erg711877.506.tar.Z is the patch for SCO OpenServer Release
5.0.6, with or without Release Supplement 5.0.6a (rs506a).
Note that other security issues are corrected by rs506a; we
strongly recommend installing it on all 5.0.6 systems.

erg711877.505.tar.Z is the patch for SCO OpenServer Release
5.0.5 and earlier. Although it should work with all releases
5.0.0 through 5.0.5, it has not yet been tested on every
release.


4.2 Verification

md5 checksums:

e1748ebb4710796620c15017e52eecc0 erg711877.505.tar.Z
627a41d22040872f967cb5387c7e629c erg711877.506.tar.Z


md5 is available for download from

ftp://stage.caldera.com/pub/security/tools/


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

For 5.0.6 and 5.0.6a:

Download erg711877.506.tar.Z to the /tmp directory

# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.506.tar.Z
# cd /
# tar xvf /tmp/erg711877.506.tar

For pre-5.0.6:

Download erg711877.505.tar.Z to the /tmp directory

# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.505.tar.Z
# cd /
# tar xvf /tmp/erg711877.505.tar


5. References

http://www.cert.org/advisories/CA-2001-34.html
http://www.kb.cert.org/vuls/id/569272
http://xforce.iss.net/alerts/advise105.php

This and other advisories are located at
http://stage.caldera.com/support/security

This advisory addresses Caldera Security internal incidents
sr854610, SCO-559-1318, erg711877.


6. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.


7. Acknowledgements

This vulnerability was discovered and researched by Mark Dowd
of the ISS X-Force.


___________________________________________________________________________

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.