From proff Wed Jun 12 16:16:39 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id QAA06262 for best-of-security; Wed, 12 Jun 1996 16:16:39 +1000 Received: from pdx1 (pdx1.world.net [192.243.32.18]) by suburbia.net (8.7.4/Proff-950810) with SMTP id PAA05175 for ; Wed, 12 Jun 1996 15:54:19 +1000 Received: from why.cert.org (why.cert.org [192.88.210.60]) by pdx1 (8.6.9/8.6.9) with ESMTP id NAA19255 for ; Tue, 11 Jun 1996 13:15:22 -0700 Received: (from cert-advisory@localhost) by why.cert.org (8.6.12/CERT-ecd.1) id PAA06187 for cert-advisory-queue-4; Tue, 11 Jun 1996 15:30:18 -0400 Date: Tue, 11 Jun 1996 15:30:18 -0400 Message-Id: <199606111930.PAA06187@why.cert.org> From: CERT Bulletin To: cert-advisory@cert.org Subject: CERT Vendor-Initiated Bulletin VB-96.10 - The Santa Cruz Operation Reply-To: cert-advisory-request@cert.org Organization: CERT(sm) Coordination Center - +1 412-268-7090 Sender: proff -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Vendor-Initiated Bulletin VB-96.10 June 11, 1996 Topic: Patch for kernel security issue Source: The Santa Cruz Operation, Inc. To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from The Santa Cruz Operation. The Santa Cruz Operation urges you to act on this information as soon as possible. Santa Cruz Operation contact information is included in the forwarded text below; please contact them if you have any questions or need further information. =======================FORWARDED TEXT STARTS HERE============================ =========================================================================== SCO Security Bulletin 96:001 June 7, 1996 Patch for kernel security issue - --------------------------------------------------------------------------- The Santa Cruz Operation has discovered the following problem present in our Software: I. Description A problem in a kernel error handling routine may allow unauthorized root access to the system. II. Impact Any user with an account on the system may be able to gain root access by forcibly causing a particular kernel error handling routine to be executed. To gain access would require that the user intentionally write and then execute a program to exploit this problem. Alternatively, a user could unintentionally allow root access by executing a program previously written to take advantage of the problem. III. Releases This problem exists on the following releases of SCO Products: SCO OpenServer 5 SCO OpenServer 5.0.2 SCO Internet FastStart 1.0 IV. Solution SCO is providing the following (S)upport (L)evel (S)upplement to address the issue. It is recommended that all systems installed with one of the above releases also have SLS oss436a installed. SLS oss436a is available as follows: Anonymous ftp: - -------------- ftp://ftp.sco.COM/SLS/oss436a.Z (patch disk) ftp://ftp.sco.COM/SLS/oss436a.ltr.Z (cover letter/install notes) UUCP: - ----- This SLS is also available to be downloaded via UUCP from the following machines: sosco (USA) scolon (United Kingdom) The file names are: /usr/spool/uucppublic/SLS/oss436a.Z /usr/spool/uucppublic/SLS/oss436a.ltr.Z Telephone numbers and login names for UUCP are provided in the default /usr/lib/uucp/Systems file that ships with every SCO Operating System. Compuserve: - ----------- SLS oss436a is also available in Library 11 in the SCO Forum on Compuserve. SCO Online Support (SOS) BBS: - ----------------------------- SLS oss436 can also be downloaded interactively via X, Y, Z MODEM or Kermit, using the SCO Online Support System (SOS). Follow the menus selections under "Toolchest" from the main SOS menu. List of phone numbers available for interactive transfer from SOS are: 1-408-426-9495 (USA) +44 (0)1923 210 888 (United Kingdom) Checksums: - ---------- MD5: MD5 (oss436a.Z) = e1e76be4486958b64c996cd3a8a1a4ff MD5 (oss436a.ltr.Z) = bbe35e5e4109b4f547757a37ab40f47b sum -r: 06102 43 oss436a.Z 54199 5 oss436a.ltr.Z Please note that these files are compressed. You must use the uncompress(C) command on these files before following the installation instructions in the resultant oss436a.ltr file. If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Daylight Time (PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Daylight Time (PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm Greenwich Mean Time (GMT) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax) ========================FORWARDED TEXT ENDS HERE============================= If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST). We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information. Location of CERT PGP key ftp://info.cert.org/pub/CERT_PGP.key CERT Contact Information - ------------------------ Email cert@cert.org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. Fax +1 412-268-6989 Postal address CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 USA CERT publications, information about FIRST representatives, and other security-related information are available from http://www.cert.org/ ftp://info.cert.org/pub/ CERT advisories and bulletins are also posted on the USENET newsgroup comp.security.announce To be added to our mailing list for CERT advisories and bulletins, send your email address to cert-advisory-request@cert.org CERT is a service mark of Carnegie Mellon University. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMb2+wXVP+x0t4w7BAQEvBQQAp8KnqE3Bg6bHteMqdJgW6PniY8lYHFz0 kIbz3pJDC6uE9T0nuYVN/DI+fao3dT92Cvi6+mtYDCYC1W7tn8OuxSZlmYBRu0AR iuv1qcMCgWfKVBzOIFl+vfuq2zorQ2lJ607QG7j0AjZyJc6AoyAlcXd/G2LBZnkm 1cEqlDUMY1M= =OBvI -----END PGP SIGNATURE-----