===========================================================================
SCO Security Bulletin 99.17c
19th-October-2000
Multiple Vulnerabilities Found In OpenServer 
---------------------------------------------------------------------------

I.   Description

Several security holes have been found in SCO OpenServer.

II.  Impact

Unprivileged users can gain administrative privileges on unpatched
servers.

III. Releases

SCO products that require patching are OpenServer version 5.0.5.

IV.  Solution

SCO is providing an interim patch to address this issue in the form of a
System Security Enhancement (SSE) package.

SSE037 contains replacement binaries for OpenServer 5.0.5,
and is available for Internet download via anonymous ftp.

You can download the SSE package as follows:

Anonymous ftp (World Wide Web URL):

    ftp://ftp.sco.COM/SSE/sse037c.ltr    (cover letter, ASCII text)
    ftp://ftp.sco.COM/SSE/sse037.tar.Z  (new binaries, compressed tar file)

Checksums (sum -r):

        02252     4 sse037c.ltr
        59070  1428 sse037.tar.Z

V.   Updates

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB-99.17c, and will be
updated as new information becomes available.

The latest information on security vulnerabilities and fixes from
SCO is available on the world-wide web at http://www.sco.com/security/

VI.  Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

    USA/Canada: 6am-5pm Pacific Time (PST/PDT)
    -----------
    1-800-347-4381  (voice)
    1-408-427-5443  (fax)

    Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific
    ------------------------------------------------ Time (PST/PDT)
    1-408-425-4726  (voice)
    1-408-427-5443  (fax)

    Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
    ----------------------------
    +44 (0)1923 816344 (voice)
    +44 (0)1923 817781 (fax)