To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.n
etsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

      SCO Security Advisory

Subject:    OpenServer 5.0.5 : Insecure creation of files in /tmp
Advisory number:   CSSA-2003-SCO.27
Issue date:     2003 October 20
Cross reference:  sr865679 fz521201 erg712072 CAN-2003-0872
______________________________________________________________________________


1. Problem Description

  Several scripts use files /tmp in a insecure way. These
  filenames can be symlinked to by a malicious user, and cause
  various nefarious things to happen. 

  OpenServer 5.0.6 has previously fixed all these scripts,
  hence this issue does not affect OpenServer 5.0.6 or 5.0.7.  

  The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2003-0872 to this issue. This is a candidate for
        inclusion in the CVE list (http://cve.mitre.org), which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.

2. Vulnerable Supported Versions

  System        Binaries
  ----------------------------------------------------------------------
  OpenServer 5.0.5     /etc/init.d/VDISK
          /etc/init.d/VDRESTORE
          /etc/tcp
          /usr/lib/mkdev/hostmib
          /etc/init.d/hostmib
          /etc/nfs
          /etc/nis
          /etc/rpcinit
          /usr/lib/cleantmp

3. Solution

  The proper solution is to install the latest packages.


4. OpenServer 5.0.5

  4.1 Location of Fixed Binaries

  ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27


  4.2 Verification

  MD5 (VOL.000.000) = 24ea1000e89272a3d2f12d9fd05de83f

  md5 is available for download from
    ftp://ftp.sco.com/pub/security/tools


  4.3 Installing Fixed Binaries

  Upgrade the affected binaries with the following sequence:

  1) Download the VOL* files to the /tmp directory

  2) Run the custom command, specify an install from media
  images, and specify the /tmp directory as the location of
  the images.


5. References

  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0872

  SCO security resources:
    http://www.sco.com/support/security/index.html

  This security fix closes SCO incidents sr865679 fz521201
  erg712072.


6. Disclaimer

  SCO is not responsible for the misuse of any of the information
  we provide on this website and/or through our security
  advisories. Our advisories are a service to our customers
  intended to promote secure installation and use of SCO
  products.

7. Acknowledgments

        These vulnerabilities were discovered by Tomasz Kusmierz.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/lHnpaqoBO7ipriERAmjsAKCKdkBHb9SdVFuJILsGQR77ULb7cQCfR+Gm
I44TmGqRUrGA8q2pjJ/RVc0=
=S+GY
-----END PGP SIGNATURE-----