Date: 09 October 1998
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-98.153 -- SCO Security Bulletin 98.05
Vulnerabilities in "mscreen"
9 October 1998
===========================================================================
The Santa Cruz Operation Inc. (SCO) has released the following bulletin
concerning vulnerabilities in the mscreen program in a number of releases
of SCO operating systems. These vulnerabilities may allow a local user to
gain root privileges. Exploit information involving these vulnerabilities has
been made publicly available.
- ---------------------------BEGIN INCLUDED TEXT--------------------
===========================================================================
SCO Security Bulletin 98.05
October 6, 1998
Security Vulnerabilities in "mscreen" Serial Multiscreens Utility
- ---------------------------------------------------------------------------
I. Description
Security vulnerabilities have been discovered in the SCO "mscreen"
serial multiscreens utility.
II. Impact
The vulnerabilities could allow local users to gain root privileges.
An exploit script for one of the vulnerabilities has been published,
so we recommend that the patch described below be installed on all
affected systems as soon as possible.
III. Releases
This problem exists on the following releases of SCO operating systems:
- SCO Open Desktop/Open Server 3.0 (all, also SCO UNIX 3.2v4)
- SCO OpenServer 5.0 (all, also SCO Internet FastStart)
- SCO CMW+ 3.0
Other SCO products are not affected.
IV. Solution
For SCO CMW+, the mscreen utility is non-functional; however, a binary
is installed on the system with the set-user-id attribute. This should
be disabled by executing the following command logged in as root:
# chmod 0 /usr/bin/mscreen
For SCO OpenServer 5 and SCO Open Desktop/Open Server 3, SCO is providing
an interim patch to address this issue in the form of a System Security
Enhancement (SSE) package.
SSE016 contains new versions of the mscreen binary for each system type.
It is available for Internet download via anonymous ftp, and from the
SCOFORUM on Compuserve.
You can download the SSE package as follows:
Anonymous ftp (World Wide Web URL):
ftp://ftp.sco.COM/SSE/sse016.ltr (cover letter, ASCII text)
ftp://ftp.sco.COM/SSE/sse016.tar.Z (new binaries, compressed tar file)
Compuserve:
GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:
SSE016.LTR (cover letter, ASCII text)
SSE016.TAZ (new binaries, compressed tar file)
Checksums (sum -r):
15726 5 sse016.ltr
31228 64 sse016.tar.Z
V. Updates
This bulletin is available for anonymous ftp download from
ftp://ftp.sco.COM/SSE/security_bulletins/SB-98.05a, and will be
updated as new information becomes available.
The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/
VI. Further Information:
If you have further questions, contact your support provider. If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows.
USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)
Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
------------------------------------------------ Time (PST/PDT)
1-408-425-4726 (voice)
1-408-427-5443 (fax)
Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)
- ---------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBNisZxih9+71yA2DNAQE+DAP/ViAkAioDXsTtve0SIYvMD8fFOPZ1Cral
f8/esFu7VPOtsEhyHMCPH3qdJF4eJiB5BJrjigEs4IVOBhWyPArMJHbDanp/D6YI
yxSSBaY3cmGdSI2VhejIrqrECr6qw1rBDnj3214AFWwZ3axzbIy9xbLvDbYQ64gK
75O9vF2V+I0=
=5k24
-----END PGP SIGNATURE-----
|