86556 2002-12-11  22:48  /157 rader/  <security@caldera.com>
Importerad: 2002-12-11  22:48  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: full-disclosure@lists.netsys.com
Externa svar till: please_reply_to_security@caldera.com
Mottagare: Bugtraq (import) <2713>
Ärende: Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
------------------------------------------------------------
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: buffer overflow in nss_ldap DNS SRV
Advisory number: 	CSSA-2002-058.0
Issue date: 		2002 December 10
Cross reference:
______________________________________________________________________________


1. Problem Description

	A buffer overflow in the DNS SRV code for nss_ldap allows
	remote attackers to cause a denial of service and possibly
	execute arbitrary code.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to nss_ldap-172-5.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to
nss_ldap-172-5.i386.rpm

	OpenLinux 3.1 Server		prior to nss_ldap-172-5.i386.rpm

	OpenLinux 3.1 Workstation	prior to
nss_ldap-172-5.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater,
	called cupdate (or kcupdate under the KDE environment), to
	update these packages rather than downloading and installing
	them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS

	4.2 Packages

	2f9e141ceaae799721272590043e524d
nss_ldap-172-5.i386.rpm

	4.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/SRPMS

	4.5 Source Packages

	b35831284c0413d2e86e450297ba615f	nss_ldap-172-5.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/RPMS

	5.2 Packages

	a1089ea16a2e35d6a54b5f2256be190f
nss_ldap-172-5.i386.rpm

	5.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-058.0/SRPMS

	5.5 Source Packages

	4a6d0418890bcaf45ab6c6c5e8e17d3b	nss_ldap-172-5.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/RPMS

	6.2 Packages

	bd1286f5e243e8001d32c21ec1eeb7b0
nss_ldap-172-5.i386.rpm

	6.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-058.0/SRPMS

	6.5 Source Packages

	3318607550f33f8c0c8902cd6bfc2b81	nss_ldap-172-5.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/RPMS

	7.2 Packages

	b60910e2d16a23f6842c534fe6516027
nss_ldap-172-5.i386.rpm

	7.3 Installation

	rpm -Fvh nss_ldap-172-5.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-058.0/SRPMS

	7.5 Source Packages

	30aae498b3ebef5a791219eb2fb80c98	nss_ldap-172-5.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr870483, fz526358,
	erg712144.


9. Disclaimer

	SCO is not responsible for the misuse of any of the
	information we provide on this website and/or through our
	security advisories. Our advisories are a service to our
	customers intended to promote secure installation and use of
	SCO products.

______________________________________________________________________________
(86556) / <security@caldera.com>/---------(Ombruten)
Bilaga (application/pgp-signature) i text 86557
86557 2002-12-11  22:48  /9 rader/  <security@caldera.com>
Importerad: 2002-12-11  22:48  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: announce@lists.caldera.com
Extern mottagare: security-alerts@linuxsecurity.com
Extern mottagare: full-disclosure@lists.netsys.com
Externa svar till: please_reply_to_security@caldera.com
Mottagare: Bugtraq (import) <2714>
Bilaga (text/plain) till text 86556
Ärende: Bilaga till: Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj32j/IACgkQbluZssSXDTFgnwCdHUs6E2bcuhmcG01F1hC01SAL
Ye0AnjED7K2Af+EU6QjkDI7giUvHdB95
=vpQx
-----END PGP SIGNATURE-----
(86557) / <security@caldera.com>/-------------------