===========================================================================
SCO Security Bulletin 97:02
November 20, 1997
Vulnerability in /usr/bin/X11/scoterm
---------------------------------------------------------------------------

The Santa Cruz Operation has discovered the following problem present in
our software:

I.   Description

     A security vulnerability in the implementation of scoterm has been
     identified which could allow unprivileged users to gain unauthorized
     root access to the system.

II.  Impact
        
     Any user with an account on the system may be able to execute arbitrary
     commands with root privileges.

     A program which exploits this vulnerability is in existence, although
     we do not believe it is currently being distributed.  There is a risk
     that the exploit method may be revealed, so the patch should be applied
     as soon as possible.

III. Releases

     This problem exists on the following releases of SCO operating systems:

     - SCO Open Desktop/Open Server 3.0
     - SCO OpenServer 5.0

     The following releases are not vulnerable, and no patch is necessary:

     - SCO CMW+ 3.0
     - SCO UnixWare 2.1

IV. Solution

     SCO is providing interim patches to address this issue in the form
     of a System Security Enhancement (SSE) package.  The SSE package
     includes patches for all operating systems listed above.

     The SSE package is available for Internet download via anonymous
     ftp, and from the SCOFORUM on CompuServe.

     If you are for some reason unable to access or install the patches,
     you should temporarily disable scoterm by running the following
     command as the root user:

	# chmod 0 /usr/bin/X11/scoterm


You can download the patches as follows:

Anonymous ftp	(World Wide Web URL)
-------------
  
For OpenServer 5 platforms:  

       ftp://ftp.sco.com/SLS/oss473a.Z (Volume image)
       ftp://ftp.sco.com/SLS/oss473a.ltr (cover letter)

For Open Server 3 platforms: 

       ftp://ftp.sco.com/SSE/sse009b.tar.Z (new binaries, compressed tar file)
       ftp://ftp.sco.com/SSE/sse009b.ltr (cover letter)


CompuServe
----------

     GO SCOFORUM, and search the file library for these filenames:

	SSE009B.LTR	(cover letter, compressed)
	SSE009B.TAR.Z	(new binaries, compressed tar file)
 
        oss473a.Z       (Volume image, compressed)
        oss473a.ltr     (cover letter)



Checksums
---------

sum -r

29367     4 sse009b.ltr
59766   291 sse009b.tar.Z


sum -r

63558   222 oss473a.Z
19937    10 oss473a.ltr
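
The check this table supports, as an added example that is not part of
SCO's bulletin: a POSIX sh function that runs sum -r on each downloaded
file and compares the checksum field with the published value. It assumes
the local sum -r uses the same algorithm SCO used; the block-count column
is not compared because block size can differ between sum implementations,
and file_sum and verify_table are names made up for this example.

```shell
#!/bin/sh
# Added example: compare downloaded SSE files with the bulletin's "sum -r" table.

# Values copied from the Checksums section: "checksum blocks filename".
EXPECTED='29367 4 sse009b.ltr
59766 291 sse009b.tar.Z
63558 222 oss473a.Z
19937 10 oss473a.ltr'

# Print the numeric sum -r checksum of one file (leading zeros dropped).
# Reading from stdin keeps the output free of a filename column.
file_sum() {
    sum -r < "$1" | awk '{ print $1 + 0 }'
}

# verify_table DIR [TABLE]: check every listed file that exists in DIR.
# Returns 0 only if at least one file was checked and none mismatched.
# TABLE defaults to the bulletin's values; the override is an assumption
# of this example so the function can be exercised on constructed data.
verify_table() {
    dir=$1
    table=${2:-$EXPECTED}
    checked=0
    bad=0
    while read -r want blocks name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        got=$(file_sum "$dir/$name")
        checked=$((checked + 1))
        if [ "$got" -eq "$want" ]; then
            echo "OK       $name ($got)"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$table
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: verify_table /path/to/downloaded/files
```

A 16-bit sum -r value detects a damaged transfer only; it says nothing
about who produced the file.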




Updates:

This bulletin is available for anonymous ftp download from 
ftp://ftp.sco.COM/SSE/security_bulletins/SB.97:02a, and will be
updated as new information becomes available.


Further Information:

If you have further questions, contact your support provider.  If you
need to contact SCO, please send electronic mail to support@sco.COM, or
contact SCO as follows. 

        USA/Canada: 6am-5pm Pacific Time (PST/PDT)
        -----------
        1-800-347-4381  (voice)
        1-408-427-5443  (fax)

        Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific Time (PST/PDT)
        ------------------------------------------------
        1-408-425-4726  (voice)
        1-408-427-5443  (fax)

        Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST)
        ----------------------------
        +44 (0)1923 816344 (voice)
        +44 (0)1923 817781 (fax)

