SCO Information for VU#569272

System V derived login contains a remotely exploitable buffer overflow



Vendor Statement


Caldera International, Inc. Security Advisory

Subject: OpenServer: /bin/login and /etc/getty argument buffer overflow
Advisory number: CSSA-2001-SCO.40
Issue date: 2001 December 14
Cross reference:

1. Problem Description

A remotely exploitable buffer overflow exists in /bin/login
and /etc/getty. Attackers can exploit this vulnerability to
gain root access to the server.

2. Vulnerable Versions

Operating System        Version         Affected Files
OpenServer              <= 5.0.6a       /bin/login

3. Workaround


4. OpenServer

4.1 Location of Fixed Binaries

erg711877.506.tar.Z is the patch for SCO OpenServer Release
5.0.6, with or without Release Supplement 5.0.6a (rs506a).
Note that other security issues are corrected by rs506a; we
strongly recommend installing it on all 5.0.6 systems.

erg711877.505.tar.Z is the patch for SCO OpenServer Release
5.0.5 and earlier. Although it should work with all releases
5.0.0 through 5.0.5, it has not yet been tested on every

4.2 Verification

md5 checksums:

e1748ebb4710796620c15017e52eecc0 erg711877.505.tar.Z
627a41d22040872f967cb5387c7e629c erg711877.506.tar.Z

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

For 5.0.6 and 5.0.6a:

Download erg711877.506.tar.Z to the /tmp directory

# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.506.tar.Z
# cd /
# tar xvf /tmp/erg711877.506.tar

For pre-5.0.6:

Download erg711877.505.tar.Z to the /tmp directory

# mv /bin/login /bin/login-
# mv /etc/getty /etc/getty-
# chmod 0 /bin/login- /etc/getty-
# uncompress erg711877.505.tar.Z
# cd /
# tar xvf /tmp/erg711877.505.tar

5. References

This and other advisories are located at

This advisory addresses Caldera Security internal incidents
sr854610, SCO-559-1318, erg711877.

6. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.

7. Acknowledgements

This vulnerability was discovered and researched by Mark Dowd
of the ISS X-Force.


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.
