|
|
Home : Advisories : Patch for kernel security issue
| Title: |
Patch for kernel security issue |
| Released by: |
SCO |
| Date: |
7th June 1996 |
| Printable version: |
Click here |
===========================================================================
SCO Security Bulletin 96:001
June 7, 1996
Patch for kernel security issue
- ---------------------------------------------------------------------------
The Santa Cruz Operation has discovered the following problem present in
our Software:
I. Description
A problem in a kernel error handling routine may allow unauthorized
root access to the system.
II. Impact
Any user with an account on the system may be able to gain root
access by forcibly causing a particular kernel error handling routine
to be executed. To gain access would require that the user intentionally
write and then execute a program to exploit this problem. Alternatively,
a user could unintentionally allow root access by executing a program
previously written to take advantage of the problem.
III. Releases
This problem exists on the following releases of SCO Products:
SCO OpenServer 5
SCO OpenServer 5.0.2
SCO Internet FastStart 1.0
IV. Solution
SCO is providing the following (S)upport (L)evel (S)upplement
to address the issue. It is recommended that all systems installed
with one of the above releases also have SLS oss436a installed.
SLS oss436a is available as follows:
Anonymous ftp:
- --------------
http://ftp.sco.COM/SLS/oss436a.Z (patch disk)
http://ftp.sco.COM/SLS/oss436a.ltr.Z (cover letter/install notes)
UUCP:
- -----
This SLS is also available to be downloaded via UUCP from the following
machines:
sosco (USA)
scolon (United Kingdom)
The file names are:
/usr/spool/uucppublic/SLS/oss436a.Z
/usr/spool/uucppublic/SLS/oss436a.ltr.Z
Telephone numbers and login names for UUCP are provided in the
default /usr/lib/uucp/Systems file that ships with every SCO Operating
System.
Compuserve:
- -----------
SLS oss436a is also available in Library 11 in the SCO Forum
on Compuserve.
SCO Online Support (SOS) BBS:
- -----------------------------
SLS oss436 can also be downloaded interactively via X, Y, Z MODEM or Kermit,
using the SCO Online Support System (SOS). Follow the menus selections under
"Toolchest" from the main SOS menu.
List of phone numbers available for interactive transfer from SOS are:
1-408-426-9495 (USA)
+44 (0)1923 210 888 (United Kingdom)
Checksums:
- ----------
MD5:
MD5 (oss436a.Z) = e1e76be4486958b64c996cd3a8a1a4ff
MD5 (oss436a.ltr.Z) = bbe35e5e4109b4f547757a37ab40f47b
sum -r:
06102 43 oss436a.Z
54199 5 oss436a.ltr.Z
Please note that these files are compressed. You must use the uncompress(C)
command on these files before following the installation instructions in
the resultant oss436a.ltr file.
If you have further questions, contact your support provider. If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows.
USA/Canada: 6am-5pm Pacific Daylight Time (PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)
Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
------------------------------------------------ Daylight Time
(PDT)
1-408-425-4726 (voice)
1-408-427-5443 (fax)
Europe, Middle East, Africa: 9am-5:30pm Greenwich Mean Time (GMT)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)
|
