|
|
| Top White Papers
Current Newswire:
SCO OpenLinux Advisories: vim, util-linuxApr 01, 2004, 21:53 (6 Talkback[s])SCO Security Advisory Subject: OpenLinux: vim arbitrary commands execution through
modelines 1. Problem Description vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used as an editor for other products such as mutt. 2. Vulnerable Supported Versions
3. Solution The proper solution is to install the latest packages. Unix users with Linux Kernel Personality can use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/RPMS 4.2 Packages 2eaf8ff7d07ae09123dff2c16e68df5f vim-6.2-1.i386.rpm 4.3 Installation rpm -Fvh vim-6.2-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-015.0/SRPMS 4.5 Source Packages 236756ca0c61400c475c8d84622ade61 vim-6.2-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-015.0/RPMS 5.2 Packages 2ebcc5f8e7b0d893b058fc241c7844b5 vim-6.2-1.i386.rpm 5.3 Installation rpm -Fvh vim-6.2-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-015.0/SRPMS 5.5 Source Packages 85709bfff745aeda4f4aa090cee834e7 vim-6.2-1.src.rpm 6. References Specific references for this advisory: 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Georgi Guninski SCO Security Advisory Subject: OpenLinux: util-linux could leak sensitive data 1. Problem Description The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. 2. Vulnerable Supported Versions
3. Solution The proper solution is to install the latest packages. Unix users with Linux Kernel Personality can use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-016.0/RPMS 4.2 Packages 43420f997baa5875bba02bc8df410f88 util-linux-2.12-1.i386.rpm 4.3 Installation rpm -Fvh util-linux-2.12-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-016.0/SRPMS 4.5 Source Packages 7a014652e2029b4dda3209b62e1ba375 util-linux-2.12-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-016.0/RPMS 5.2 Packages cff227fcbc2d7e121e2134927b86a125 util-linux-2.12-1.i386.rpm 5.3 Installation rpm -Fvh util-linux-2.12-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-016.0/SRPMS 5.5 Source Packages 24c22395492db21fbd62d4c0419ec524 util-linux-2.12-1.src.rpm 6. References Specific references for this advisory: 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Red Hat
0 Talkback[s]
(click to add your comment)
|
