Caldera: UnixWare buffer overflow Date: Friday, August 23 2002 Topic: Security The ndcfg command raises its privileges with the security subsystem (as opposed to being setuid), and has a buffer overlow in its command line processing. This could allow a malicious user to run code of their choice with raised privileges.    Caldera International, Inc.  Security Advisory Subject:                UnixWare 7.1.1 Open UNIX 8.0.0 : command line buffer overflow in ndcfg Advisory number:        CSSA-2002-SCO.36 Issue date:             2002 August 21 Cross reference: ______________________________________________________________________________ 1. Problem Description         The ndcfg command raises its privileges with the security         subsystem (as opposed to being setuid), and has a buffer         overlow in its command line processing. This could allow a         malicious user to run code of their choice with raised         privileges. 2. Vulnerable Supported Versions         System                          Binaries         ----------------------------------------------------------------------         UnixWare 7.1.1                  /usr/lib/netcfg/bin/ndcfg         Open UNIX 8.0.0                 /usr/lib/netcfg/bin/ndcfg 3. Solution         The proper solution is to install the latest packages. 4. UnixWare 7.1.1         4.1 Location of Fixed Binaries          ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36         4.2 Verification         MD5 (erg712108.pkg.Z) = f8530ac78e14157fd134fd1f0846ba3c         md5 is available for download from                  ftp://ftp.caldera.com/pub/security/tools         4.3 Installing Fixed Binaries                 Upgrade the affected binaries with the following commands:         Download erg712108.pkg.Z to the /var/spool/pkg directory         # uncompress /var/spool/pkg/erg712108.pkg.Z         # pkgadd -d /var/spool/pkg/erg712108.pkg 5. Open UNIX 8.0.0         5.1 Location of Fixed Binaries          ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36         5.2 Verification         MD5 (erg712108.pkg.Z) = f8530ac78e14157fd134fd1f0846ba3c         md5 is available for download from                  ftp://ftp.caldera.com/pub/security/tools         5.3 Installing Fixed Binaries                 Upgrade the affected binaries with the following commands:         Download erg712108.pkg.Z to the /var/spool/pkg directory         # uncompress /var/spool/pkg/erg712108.pkg.Z         # pkgadd -d /var/spool/pkg/erg712108.pkg 6. References         Specific references for this advisory:                  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981         Caldera security resources:                  http://www.caldera.com/support/security/index.html         This security fix closes Caldera incidents sr868384, fz525920,         erg712108. 7. Disclaimer         Caldera International, Inc. is not responsible for the         misuse of any of the information we provide on this website         and/or through our security advisories. Our advisories are         a service to our customers intended to promote secure         installation and use of Caldera products. 8. Acknowledgements         This issue was discovered during an internal security audit. This article comes from osforge.com http://www.osforge.com The URL for this story is: http://www.osforge.com/news/00842.html