Bugtraq mailing list archives
CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 13 Oct 1998 13:03:58 -0500
---------- Forwarded message ----------
Date: Tue, 13 Oct 1998 12:21:58 -0400
From: CERT Bulletin <cert-advisory () cert org>
Reply-To: cert-advisory-request () cert org
To: cert-advisory () coal cert org
Subject: CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
CERT* Vendor-Initiated Bulletin VB-98.10
October 13, 1998
Topic: Security Vulnerabilities in "mscreen" Serial Multiscreens Utility
Source: SCO
To aid in the wide distribution of essential security information, the CERT
Coordination Center is forwarding the following information from SCO.
SCO urges you to act on this information as soon as possible. SCO contact
information is included in the forwarded text below; please contact them if
you have any questions or need further information.
=======================FORWARDED TEXT STARTS HERE============================
===========================================================================
SCO Security Bulletin 98.05
October 6, 1998
Security Vulnerabilities in "mscreen" Serial Multiscreens Utility
- ---------------------------------------------------------------------------
I. Description
Security vulnerabilities have been discovered in the SCO "mscreen"
serial multiscreens utility.
II. Impact
The vulnerabilities could allow local users to gain root privileges.
An exploit script for one of the vulnerabilities has been published,
so we recommend that the patch described below be installed on all
affected systems as soon as possible.
III. Releases
This problem exists on the following releases of SCO operating systems:
- SCO Open Desktop/Open Server 3.0 (all, also SCO UNIX 3.2v4)
- SCO OpenServer 5.0 (all, also SCO Internet FastStart)
- SCO CMW+ 3.0
Other SCO products are not affected.
IV. Solution
For SCO CMW+, the mscreen utility is non-functional; however, a binary
is installed on the system with the set-user-id attribute. This should
be disabled by executing the following command logged in as root:
# chmod 0 /usr/bin/mscreen
For SCO OpenServer 5 and SCO Open Desktop/Open Server 3, SCO is providing
an interim patch to address this issue in the form of a System Security
Enhancement (SSE) package.
SSE016 contains new versions of the mscreen binary for each system type.
It is available for Internet download via anonymous ftp, and from the
SCOFORUM on Compuserve.
You can download the SSE package as follows:
Anonymous ftp (World Wide Web URL):
ftp://ftp.sco.COM/SSE/sse016.ltr (cover letter, ASCII text)
ftp://ftp.sco.COM/SSE/sse016.tar.Z (new binaries, compressed tar file)
Compuserve:
GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:
SSE016.LTR (cover letter, ASCII text)
SSE016.TAZ (new binaries, compressed tar file)
Checksums (sum -r):
15726 5 sse016.ltr
31228 64 sse016.tar.Z
V. Updates
This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB-98.05a, and will be
updated as new information becomes available.
The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/
VI. Further Information:
If you have further questions, contact your support provider. If you
need to contact SCO, please send electronic mail to support () sco COM, or
contact SCO as follows.
USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)
Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
------------------------------------------------ Time (PST/PDT)
1-408-425-4726 (voice)
1-408-427-5443 (fax)
Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)
========================FORWARDED TEXT ENDS HERE=============================
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident Response
and Security Teams (FIRST). See http://www.first.org/team-info/.
We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.
Location of CERT PGP key
ftp://ftp.cert.org/pub/CERT_PGP.key
CERT Contact Information
- ------------------------
Email cert () cert org
Phone +1 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30-5:00 p.m. EST
(GMT-5)/EDT(GMT-4), and are on call for
emergencies during other hours.
Fax +1 412-268-6989
Postal address
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
USA
CERT publications, information about FIRST representatives, and other
security-related information are available from
http://www.cert.org/
ftp://ftp.cert.org/pub/
CERT advisories and bulletins are also posted on the USENET newsgroup
comp.security.announce
To be added to our mailing list for CERT advisories and bulletins, send your
email address to
cert-advisory-request () cert org
In the subject line, type
SUBSCRIBE your-email-address
==========================================================================
* Registered U.S. Patent and Trademark Office.
The CERT Coordination Center is part of the Software Engineering
Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.
NO WARRANTY
ANY MATERIAL FURNISHED BY CARNEGIE MELLON UNIVERSITY AND THE SOFTWARE
ENGINEERING INSTITUTE IS FURNISHED ON AN "AS IS" BASIS. CARNEGIE MELLON
UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED AS TO
ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR
PURPOSE OR MERCHANTABILITY, EXCLUSIVITY OR RESULTS OBTAINED FROM USE OF THE
MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND
WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
==========================================================================
This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-98.10.sco.mscreen
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNiNwnHVP+x0t4w7BAQHmMwQAlwO65WS2iuRQXuVU4HSkWtuqMCIkXaS1
LtiroIXGBLBVttsvqZgnqEGWW5rn4XuCL7g74KtIqeLKQHqyM2ZQk90tdr5dlnC2
WXULucKcVBjGzBjS1Y6CXMbUbWuc4IxxpWq6+sZvrwToYPu9s5difxeS6/eC8Mfz
f8Xb7FVN8ek=
=WBQR
-----END PGP SIGNATURE-----
Current thread:
- Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Ken Williams (Oct 07)
- <Possible follow-ups>
- Re: Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Boynton, David, SSgt, AFPOA/DPSM (Oct 08)
- More Rconsole stuff Chris Brenton (Oct 09)
- Re: More Rconsole stuff Randy Richardson (Oct 12)
- Referer (was Patches for wwwboard.pl) Michael Blythe (Oct 09)
- MacAttack Spikeman (Oct 08)
- Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 09)
- Re: Referer (was Patches for wwwboard.pl) David Schwartz (Oct 12)
- Re: Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 13)
- Re: Referer (was Patches for wwwboard.pl) Kevin Littlejohn (Oct 13)
- More Rconsole stuff Chris Brenton (Oct 09)
- CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen Aleph One (Oct 13)
- FreeBSD Security Advisory: FreeBSD-SA-98:07.rst Aleph One (Oct 13)
- Re: Referer (was Patches for wwwboard.pl) Adam Shostack (Oct 10)
- Followup to FP98 and other Frontpage bugs pedward () WEBCOM COM (Oct 12)
- pcnfsd ... ga (Oct 13)
- Re: pcnfsd ... Mark Zielinski (Oct 14)
- Re: Followup to FP98 and other Frontpage bugs Markus Stumpf (Oct 13)
- The poisoned NUL byte Olaf Kirch (Oct 14)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Oct 12)