
CSSA-2002-SCO.3-UnixWare 7: message catalog environment variable vuln.

by Nikola Strahija on February 7th, 2002

The library functions that manipulated message catalogs could be subverted via environment variables to use a user's own message catalogs, possibly causing a set{uid,gid} program to memory fault, allowing the possibility of a privilege escalation vulnerability.


2. Vulnerable Supported Versions

Operating System      Version      Affected Files
------------------------------------------------------------------
UnixWare 7            7.1.1        /usr/lib/libc.so.1


3. Workaround

None.


4. UnixWare 7

4.1 Location of Fixed Binaries

ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/


4.2 Verification

MD5 (erg711179.Z) = 89b893bc581c8b9601a95a9271268c47

md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/


4.3 Installing Fixed Binaries

Upgrade the affected binaries with the following commands:

Download erg711179.Z to the /tmp directory

# uncompress /tmp/erg711179.Z
# pkgadd -d /tmp/erg711179
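
The verification and installation steps in 4.2 and 4.3, combined so that the package is only installed when its MD5 matches the published value. This is an added example, not part of the Caldera advisory; the function names are hypothetical, and it assumes an `md5sum` or `md5` tool is on the PATH.

```shell
#!/bin/sh
# Added example (not from the advisory): gate the install on the MD5 from section 4.2.

# Digest published in the advisory for erg711179.Z.
EXPECTED_MD5=89b893bc581c8b9601a95a9271268c47

# parse_md5_line (hypothetical helper): extract the digest from one line of
# tool output. Accepts the BSD-style "MD5 (file) = hash" form shown in the
# advisory and the GNU md5sum "hash  file" form. Output is lowercased.
parse_md5_line() {
    case "$1" in
        "MD5 ("*") = "*) printf '%s\n' "${1##* = }" ;;
        *)               printf '%s\n' "${1%% *}" ;;
    esac | tr 'A-F' 'a-f'
}

# file_md5: print the MD5 of file $1 using whichever tool is installed.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        out=$(md5sum "$1") || return 1
    elif command -v md5 >/dev/null 2>&1; then
        out=$(md5 "$1") || return 1
    else
        echo "no md5 tool found" >&2
        return 1
    fi
    parse_md5_line "$out"
}

# verify_package FILE EXPECTED: 0 on match, 1 on mismatch, 2 if hashing failed.
verify_package() {
    actual=$(file_md5 "$1") || return 2
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, expected $2" >&2
    return 1
}

# install_fix: the commands from section 4.3, run only after the check passes.
# Call it as root once erg711179.Z has been downloaded to /tmp.
install_fix() {
    pkg=/tmp/erg711179.Z
    verify_package "$pkg" "$EXPECTED_MD5" || return 1
    uncompress "$pkg" && pkgadd -d "${pkg%.Z}"
}
```

An MD5 match catches a corrupted or truncated download; fetched over plain FTP alongside the package, it does not by itself authenticate the file.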


References

This and other advisories are located at
http://stage.caldera.com/support/security

This advisory addresses Caldera Security internal incidents
sr859904, fz512992, erg711179.

