
Caldera - CSSA-2002-SCO.2 - Open UNIX, UnixWare 7 - sort

by Nikola Strahija on January 27th, 2002

The sort command created temporary files in an insecure manner. This could be used by an unauthorized user to gain privilege.


___________________________________________________________________________

Caldera International, Inc. Security Advisory

Subject: Open UNIX, UnixWare 7: sort creates temporary files insecurely
Advisory number: CSSA-2002-SCO.2
Issue date: 2002 January 24
Cross reference:
___________________________________________________________________________


1. Problem Description

The sort command created temporary files in an insecure
manner. This could be used by an unauthorized user to gain
privilege.


2. Vulnerable Versions

Operating System    Version    Affected Files
------------------------------------------------------------------
UnixWare 7          7.1.*      /usr/bin/sort
Open UNIX           8.0.0      /usr/bin/sort


3. Workaround

None.


4. UnixWare 7, Open UNIX 8

4.1 Location of Fixed Binaries

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.2/


4.2 Verification

MD5 (erg711766.Z) = 7e640423400147d3c1c905c1ad0cfe23


md5 is available for download from

ftp://stage.caldera.com/pub/security/tools/


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg711766.Z to the /tmp directory

# uncompress /tmp/erg711766.Z
# pkgadd -d /tmp/erg711766
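
The verification and installation steps in 4.2 and 4.3 can be chained so that pkgadd runs only when the download matches the published digest. The script below is an added example, not part of Caldera's advisory; the function names are hypothetical, and it assumes one of md5sum, openssl or md5 is on the PATH.

```shell
#!/bin/sh
# Added example (not Caldera's script). File name, digest and install
# commands are copied from sections 4.2 and 4.3 of the advisory.
ADVISORY_LINE='MD5 (erg711766.Z) = 7e640423400147d3c1c905c1ad0cfe23'

# Pull the 32-hex-digit digest out of a "MD5 (name) = digest" line.
# Prints nothing if the line is not in that form.
expected_md5() {
    printf '%s\n' "$1" |
        sed -n 's/^MD5 (.*) = \([0-9a-fA-F]\{32\}\)$/\1/p' |
        tr 'A-F' 'a-f'
}

# Print the MD5 of file $1 using whichever tool exists on this host.
# Assumption: a tool named md5 prints the digest as its last field when
# reading stdin (true of BSD md5; not checked against Caldera's build).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl md5 < "$1" | awk '{print $NF}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 < "$1" | awk '{print $NF}'
    else
        return 2
    fi
}

# Return 0 on match, 1 on mismatch, 2 if the check could not be made.
verify_package() {
    want=$(expected_md5 "$2")
    [ -n "$want" ] || return 2
    [ -f "$1" ] || return 2
    got=$(file_md5 "$1") || return 2
    got=$(printf '%s' "$got" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ]
}

# Install only when the downloaded file matches the advisory's digest.
install_fix() {
    if ! verify_package "$1" "$ADVISORY_LINE"; then
        echo "MD5 check failed for $1; not installing" >&2
        return 1
    fi
    uncompress "$1" && pkgadd -d "${1%.Z}"
}
```

Run `install_fix /tmp/erg711766.Z` as root after the download. The check catches a corrupted or substituted file only if the advisory text itself was obtained over a channel you trust.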


5. References

This and other advisories are located at
http://stage.caldera.com/support/security

This advisory addresses Caldera Security internal incidents
sr848816, fz518198, erg711766.


6. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.


___________________________________________________________________________

