drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in slocate
Name: |
Pufferüberlauf in slocate
|
|
ID: |
CSSA-2003-009.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Fr, 7. März 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Secure Locate |
|
Originalnachricht |
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: slocate command line buffer overflows Advisory number: CSSA-2003-009.0 Issue date: 2003 March 06 Cross reference: ______________________________________________________________________________
1. Problem Description
The slocate command suffers from two command line buffer overflows.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1.1 Workstation prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1 Server prior to slocate-2.6-3.i386.rpm
OpenLinux 3.1 Workstation prior to slocate-2.6-3.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/RPMS
4.2 Packages
d357c2ee6bd94601dc6be091ddf8082e slocate-2.6-3.i386.rpm
4.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/SRPMS
4.5 Source Packages
7125d9ef9ec4c3285112fbfabf239a5f slocate-2.6-3.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-009.0/RPMS
5.2 Packages
685e16e765ceaed906a59e65860848b2 slocate-2.6-3.i386.rpm
5.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
4f513aebf7046701c41eee72f8e15c2a slocate-2.6-3.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/RPMS
6.2 Packages
ce609a2df9f795106913c60a86c30427 slocate-2.6-3.i386.rpm
6.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/SRPMS
6.5 Source Packages
6e0da763e91bf91362d2521ef471c457 slocate-2.6-3.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/RPMS
7.2 Packages
239f88e2ba4d1db53cd49e8ab5d22b28 slocate-2.6-3.i386.rpm
7.3 Installation
rpm -Fvh slocate-2.6-3.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/SRPMS
7.5 Source Packages
1bd5b95650c530fbe48d58d7bdc2dd8d slocate-2.6-3.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr873878, fz527219, erg712211, erg712226.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
10. Acknowledgements
Knight420 and Gregory Duchemin <c3rb3r@hotmail.com> discovered and investigated these vulnerabilities.
______________________________________________________________________________
|
|
|
|