
Security: Multiple problems in mgetty
Name: Multiple problems in mgetty
ID: CSSA-2003-021.0
Distribution: Caldera
Platforms: Caldera Server 3.1.1, Caldera Workstation 3.1.1
Date: Wed, 14 May 2003, 13:00
References: None given
Applications: mgetty

Original message

______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: mgetty caller ID buffer overflow and spool perm
vulnerabilities
Advisory number: CSSA-2003-021.0
Issue date: 2003 May 13
Cross reference:
______________________________________________________________________________


1. Problem Description

mgetty will overflow an internal buffer if the caller name
reported by the modem is too long.

The faxspool spooling directory used for outgoing faxes was
world-writable.


2. Vulnerable Supported Versions

System                          Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server          prior to mgetty-1.1.22_Aug17-13.i386.rpm

OpenLinux 3.1.1 Workstation     prior to mgetty-1.1.22_Aug17-13.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-021.0/RPMS

4.2 Packages

be191369c6a4c96ea8bfacfc4e9842ac mgetty-1.1.22_Aug17-13.i386.rpm

4.3 Installation

rpm -Fvh mgetty-1.1.22_Aug17-13.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-021.0/SRPMS

4.5 Source Packages

cff0b40ec866ac025898a0a8c629d29a mgetty-1.1.22_Aug17-13.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-021.0/RPMS

5.2 Packages

ffe360af815ee57e3f55d29ebdfe8023 mgetty-1.1.22_Aug17-13.i386.rpm

5.3 Installation

rpm -Fvh mgetty-1.1.22_Aug17-13.i386.rpm

5.4 Source Package Location

SRPMS

5.5 Source Packages

eeea9f8538004266355c7ff6e2c649d9 mgetty-1.1.22_Aug17-13.src.rpm


6. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr876805, fz527691,
erg712287.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.

______________________________________________________________________________
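
Added example, not part of the SCO advisory or the mgetty package: a shell check, to run after installing the updated package, that the outgoing fax spool tree no longer contains world-writable entries (the second problem in section 1). The path /var/spool/fax/outgoing and the function names are assumptions; the advisory does not name the directory.

```shell
#!/bin/sh
# Added example: audit a fax spool tree for world-writable entries.
# Usage (after sourcing this file): audit_spool /path/to/outgoing/spool

# Assumed spool location; the advisory does not state the path.
SPOOL_DEFAULT="/var/spool/fax/outgoing"

# Print every world-writable file or directory at or below $1.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable_entries() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Return 0 if the tree is clean, 1 if any entry is world-writable,
# 2 if the directory does not exist.
audit_spool() {
    dir=${1:-$SPOOL_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir is not a directory" >&2
        return 2
    fi
    hits=$(world_writable_entries "$dir")
    if [ -n "$hits" ]; then
        echo "FAIL: world-writable entries under $dir:"
        # Show owner and mode of each hit so the fix (chmod o-w) can be reviewed.
        echo "$hits" | while IFS= read -r p; do
            ls -ld "$p"
        done
        return 1
    fi
    echo "OK: no world-writable entries under $dir"
    return 0
}
```

A sticky bit (mode 1777) does not make the directory pass: the check flags any entry that other users can write to.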