CSSA-2002-SCO.3-UnixWare 7: message catalog environment variable vuln.
by Nikola Strahija on February 7th, 2002
1. Problem Description
The library functions that manipulated message catalogs could be subverted via environment variables to use a user's own message catalogs. This could cause a set{uid,gid} program to memory fault, which may allow privilege escalation.
2. Vulnerable Supported Versions
Operating System    Version    Affected Files
------------------------------------------------------------------
UnixWare 7          7.1.1      /usr/lib/libc.so.1
3. Workaround
None.
4. UnixWare 7
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/
4.2 Verification
MD5 (erg711179.Z) = 89b893bc581c8b9601a95a9271268c47
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Download erg711179.Z to the /tmp directory, then upgrade the affected
binaries with the following commands:
# uncompress /tmp/erg711179.Z
# pkgadd -d /tmp/erg711179
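
The verification and installation steps in 4.2 and 4.3 can be combined so that the package is installed only when its checksum matches. The script below is an added example, not part of the Caldera advisory; the function names and the --install argument are assumptions made for illustration, and it falls back between md5sum, md5 and openssl depending on which tool is present.

```shell
#!/bin/sh
# Added example: refuse to install the fix unless the download matches
# the MD5 published in section 4.2 of the advisory.

PKG=/tmp/erg711179.Z                            # download path from section 4.3
EXPECTED_MD5=89b893bc581c8b9601a95a9271268c47   # value from section 4.2

# Print the hex MD5 of file $1 using whichever tool is installed.
# Reading from stdin keeps the file name out of the tool's output.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 < "$1" | awk '{print $NF}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 < "$1" | awk '{print $NF}'
    else
        echo "no MD5 tool found" >&2
        return 2
    fi
}

# Return 0 if file $1 hashes to $2 (case-insensitive), 1 on mismatch,
# 2 if the file cannot be read or no MD5 tool is available.
verify_md5() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    actual=$(md5_of "$1") || return 2
    actual=$(printf '%s' "$actual" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, expected $expected" >&2
    return 1
}

# Only touch the system when explicitly asked to (hypothetical flag).
if [ "${1:-}" = "--install" ]; then
    verify_md5 "$PKG" "$EXPECTED_MD5" || exit 1
    # Same commands as section 4.3, run only after the check passes.
    uncompress "$PKG" && pkgadd -d "${PKG%.Z}"
fi
```
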
References
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr859904, fz512992, erg711179.