Published:
25 November 1997
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-97.155 -- CERT Vendor-Initiated Bulletin VB-97.14 -
SCO Vulnerability in /usr/bin/X11/scoterm
26 November 1997
===========================================================================

The CERT Coordination Center has released the following advisory concerning a security vulnerability in the implementation of the scoterm program under SCO Unix. This vulnerability may allow any user with an account on the system to execute arbitrary commands with root privileges.

The following security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write this document, AUSCERT has had no control over its content. As such, the decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures.

Contact information for CERT/CC is included in the Security Bulletin below. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

    http://www.auscert.org.au/information/advisories.html

If you believe that your system has been compromised, contact AUSCERT or your representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies.

--------------------------BEGIN INCLUDED TEXT--------------------

=============================================================================
CERT* Vendor-Initiated Bulletin VB-97.14
November 25, 1997

Topic:  Vulnerability in /usr/bin/X11/scoterm
Source: The Santa Cruz Operation, Inc. (SCO)

To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from The Santa Cruz Operation, Inc. (SCO). SCO urges you to act on this information as soon as possible. SCO contact information is included in the forwarded text below; please contact them if you have any questions or need further information.

=======================FORWARDED TEXT STARTS HERE============================

SCO Security Bulletin 97:02
November 20, 1997
Vulnerability in /usr/bin/X11/scoterm
----------------------------------------------------------------------------

The Santa Cruz Operation has discovered the following problem present in our software:

I. Description

A security vulnerability in the implementation of scoterm has been identified which could allow unprivileged users to gain unauthorized root access to the system.

II. Impact

Any user with an account on the system may be able to execute arbitrary commands with root privileges.

A program which exploits this vulnerability is in existence, although we do not believe it is currently being distributed. There is a risk that the exploit method may be revealed, so the patch should be applied as soon as possible.

III. Releases

This problem exists on the following releases of SCO operating systems:

- SCO Open Desktop/Open Server 3.0
- SCO OpenServer 5.0

The following releases are not vulnerable, and no patch is necessary:

- SCO CMW+ 3.0
- SCO UnixWare 2.1

IV. Solution

SCO is providing interim patches to address this issue in the form of a System Security Enhancement (SSE) package. The SSE package includes patches for all operating systems listed above. The SSE package is available for Internet download via anonymous ftp, and from the SCOFORUM on Compuserve.
If you are for some reason unable to access or install the patches, you should temporarily disable scoterm by running the following command as the root user:

    # chmod 0 /usr/bin/X11/scoterm

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL)
--------------
ftp://ftp.sco.COM/SSE/sse009.ltr    (cover letter, uncompressed)
ftp://ftp.sco.COM/SSE/sse009.tar.Z  (new binaries, compressed tar file)

Compuserve
-----------
GO SCOFORUM, and search the file library for these filenames:

SSE009.LTR  (cover letter, compressed)
SSE009.TAZ  (new binaries, compressed tar file)

Checksums
----------
sum -r

59495     4 sse009.ltr
15226   602 sse009.tar.Z

Updates:

This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a, and will be updated as new information becomes available.

Further Information:

If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows.

USA/Canada: 6am-5pm Pacific Time (PST/PDT)
-----------
1-800-347-4381 (voice)
1-408-427-5443 (fax)

Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific Time (PST/PDT)
------------------------------------------------
1-408-425-4726 (voice)
1-408-427-5443 (fax)

Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
----------------------------
+44 (0)1923 816344 (voice)
+44 (0)1923 817781 (fax)

========================FORWARDED TEXT ENDS HERE=============================

If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST). See http://www.first.org/team-info/.

We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information.
Location of CERT PGP key

    ftp://ftp.cert.org/pub/CERT_PGP.key

CERT Contact Information
-------------------------
Email   cert@cert.org

Phone   +1 412-268-7090 (24-hour hotline)
        CERT personnel answer 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours.

Fax     +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other security-related information are available from

    http://www.cert.org/
    ftp://ftp.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup

    comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your email address to

    cert-advisory-request@cert.org

In the subject line, type

    SUBSCRIBE your-email-address

* Registered U.S. Patent and Trademark Office.

The CERT Coordination Center is part of the Software Engineering Institute (SEI). The SEI is sponsored by the U. S. Department of Defense.

This file: ftp://ftp.cert.org/pub/cert_bulletins/VB-97.14.scoterm

--------------------------END INCLUDED TEXT--------------------
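
The Checksums section of the SCO bulletin above publishes `sum -r` values for the two SSE009 files; the following added example (not part of the bulletin, and not SCO's or CERT's code) compares downloaded copies against them before installation. It assumes a local `sum` that accepts `-r`, uses the hypothetical variable `SSE_DIR` for the download directory, and compares only the 16-bit checksum field because block-count units differ between `sum` implementations.

```shell
#!/bin/sh
# Added example (not from the bulletin): check SSE009 downloads against the
# bulletin's published `sum -r` values before installing them.

# Copied from the bulletin's Checksums section: checksum, blocks, filename.
PUBLISHED='59495 4 sse009.ltr
15226 602 sse009.tar.Z'

# bsd_checksum FILE: print the 16-bit `sum -r` checksum as a plain integer.
bsd_checksum() {
    # Feed the file on stdin so `sum` prints no filename; awk strips padding.
    sum -r < "$1" | awk '{ print $1 + 0 }'
}

# check_file FILE EXPECTED: return 0 on match, 1 on mismatch or missing file.
check_file() {
    [ -r "$1" ] || { echo "MISSING  $1"; return 1; }
    actual=$(bsd_checksum "$1")
    if [ "$actual" -eq "$2" ]; then
        echo "OK       $1 ($actual)"
    else
        echo "MISMATCH $1 (expected $2, got $actual)"
        return 1
    fi
}

# verify_manifest DIR MANIFEST: check every file listed in MANIFEST under DIR.
# The block count column is read but not compared (units vary by platform).
verify_manifest() {
    rc=0
    # A here-document keeps the loop in the current shell so rc survives.
    while read -r want blocks name; do
        [ -n "$name" ] || continue
        check_file "$1/$name" "$want" || rc=1
    done <<EOF
$2
EOF
    return $rc
}

# SSE_DIR is a hypothetical variable naming the directory with the downloads.
if [ -n "${SSE_DIR:-}" ]; then
    verify_manifest "$SSE_DIR" "$PUBLISHED"
fi
```

Run it as `SSE_DIR=/path/to/downloads sh script.sh`; a non-zero exit status means at least one file is missing or does not match. The `sum -r` value is a 16-bit checksum, so a match shows the transfer was not corrupted rather than proving who produced the file.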