===========================================================================
SCO Security Bulletin 99.02
January 27, 1999
Security Vulnerability in calserver
---------------------------------------------------------------------------

I.   Description

A security vulnerability has been discovered in calserver. 

II.  Impact
        
These vulnerabilities could allow local and remote users to gain root access.

Exploit details for this vulnerability have been published, so we
recommend that the patch decribed below is installed on all multi-user
systems as soon as possible.

III. Releases

This problem exists on the following releases of SCO operating systems:

     - SCO OpenServer 5.04 and earlier releases (also Internet FastStart)
	
IV.  Solution

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.

SSE019 contains a replacement binary for  SCO OpenServer 5.04 and earlier 
releases, and is available for Internet download via anonymous ftp, and from 
the SCOFORUM on Compuserve.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse019.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse019.tar.Z  (new binaries, compressed tar file)

Compuserve:

    GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these filenames:

	SSE019.LTR	(cover letter, ASCII text)
	SSE019.TAZ	(new binaries, compressed tar file)

Checksums (sum -r):

	22999     4 sse019.ltr
	59282   452 sse019.tar.Z

V.   Updates

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB-99.02a, and will be
updated as new information becomes available.

The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/

VI.  Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

    USA/Canada: 6am-5pm Pacific Time (PST/PDT)
    -----------
    1-800-347-4381  (voice)
    1-408-427-5443  (fax)

    Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
    ------------------------------------------------ Time (PST/PDT)
    1-408-425-4726  (voice)
    1-408-427-5443  (fax)

    Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
    ----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)