CSSA-2002-SCO.3-UnixWare 7: message catalog environment variable vuln.

by Nikola Strahija on February 7th, 2002

The library functions that manipulate message catalogs could be subverted via environment variables into using a user's own message catalogs. This could cause a set{uid,gid} program to memory fault, opening the possibility of privilege escalation.

2. Vulnerable Supported Versions

Operating System    Version    Affected Files
UnixWare 7          7.1.1      /usr/lib/

3. Workaround


4. UnixWare 7

4.1 Location of Fixed Binaries

4.2 Verification

MD5 (erg711179.Z) = 89b893bc581c8b9601a95a9271268c47

md5 is available for download from

4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg711179.Z to the /tmp directory

# uncompress /tmp/erg711179.Z
# pkgadd -d /tmp/erg711179
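The verification and installation steps above can be tied together so that the package is installed only when the download matches the published digest. The script below is an added example, not part of the advisory; the function names file_md5 and verify_advisory_md5 are hypothetical, and it assumes one of md5sum, md5 or openssl is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): check a download against an
# advisory line of the form "MD5 (name) = digest" before installing it.

# Print the hex MD5 of a file with whichever tool is present
# (assumption: one of md5sum, md5 or openssl is installed).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 "$1" | awk '{print $NF}'
    else
        openssl dgst -md5 "$1" | awk '{print $NF}'
    fi
}

# verify_advisory_md5 "<advisory line>" <directory>
# Returns 0 on a match, 1 on a mismatch, 2 for a malformed line,
# 3 if the file is missing, 4 if no digest could be computed.
verify_advisory_md5() {
    line=$1
    dir=$2
    # The name may not contain ")" or "/", so it cannot escape <directory>.
    name=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 (\([^)/]*\)) = [0-9A-Fa-f]\{32\}$/\1/p')
    want=$(printf '%s\n' "$line" |
        sed -n 's/^MD5 ([^)/]*) = \([0-9A-Fa-f]\{32\}\)$/\1/p')
    [ -n "$name" ] && [ -n "$want" ] || return 2
    [ -f "$dir/$name" ] || return 3
    got=$(file_md5 "$dir/$name") || return 4
    # Compare case-insensitively; tools differ in hex case.
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(printf '%s' "$got" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ]
}

# Usage with the values published above (installs only on a match):
#   verify_advisory_md5 \
#       'MD5 (erg711179.Z) = 89b893bc581c8b9601a95a9271268c47' /tmp \
#       && uncompress /tmp/erg711179.Z && pkgadd -d /tmp/erg711179
```

A match ties the file to the advisory text only as far as the advisory itself was obtained from a trusted source; MD5 catches corruption in transit but is not collision-resistant.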


This and other advisories are located at

This advisory addresses Caldera Security internal incidents
sr859904, fz512992, erg711179.
