Date: Fri, 17 Aug 2001 15:31:17 -0600
From: Support Info <email@example.com>
Subject: Security Update: [CSSA-2001-031.0] Linux -security issues in
Caldera International, Inc. Security Advisory
Subject: Linux - security issues in ucd-snmp
Advisory number: CSSA-2001-031.0
Issue date: 2001, August 16
1. Problem Description
In a routine security audit of the ucd-snmp package we have found
several problems, including several potentially exploitable buffer
overflows, format string bugs, signedness issues and tempfile race
conditions. Some of these might allow remote attackers to gain access
to the UID under which snmpd is running. This update fixes all known
problems and also makes the snmpd run as user 'nobody', reducing the
impact of further problems.
2. Vulnerable Versions
OpenLinux 2.3 not vulnerable
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder ucd-snmp-4.2.1-6b
OpenLinux eDesktop 2.4 not vulnerable
OpenLinux Server 3.1 not vulnerable
OpenLinux Workstation 3.1 not vulnerable
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
The corresponding source code package can be found at:
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-6b.i386.rpmucd-snmp-devel-4.2.1-6b.i386.rpmucd-snmp-utils-4.2.1-6b.i386.rpm
6. OpenLinux eDesktop 2.4
7. OpenLinux 3.1 Server
8. OpenLinux 3.1 Workstation
This and other Caldera security resources are located at:
This security fix closes Caldera's internal Problem Report 10043.
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.