______________________________________________________________________________ 

                Caldera International, Inc. Security Advisory 

Subject: OpenServer 5.0.5 OpenServer 5.0.6 : crontab format string vulnerability 
Advisory number: CSSA-2002-SCO.35 
Issue date: 2002 July 22 
Cross reference: 
______________________________________________________________________________ 

1. Problem Description 

        The crontab program contains a format string vulnerability 
        that can be used by a malicious user to execute code to 
        gain privilege. 
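        The advisory does not publish the affected crontab source, so the
        following is an added, constructed C example (not SCO's or Caldera's
        code) of the general defect class it names: untrusted text reaching
        the format argument of a printf-family call. It shows the vulnerable
        call beside the fixed one, and a small defender-side check that
        counts conversion directives in a string before it is used as a
        format. The helper names (log_message, report_vulnerable,
        report_fixed, count_format_directives) and the sample input are
        assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Variadic logging helper of the kind many daemons carry: the format is
 * whatever the caller hands it. Constructed for this example; not crontab's
 * code. It has no format attribute, so the compiler cannot see the misuse
 * at the call site below. */
static int log_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the untrusted text IS the format string. Every '%'
 * directive in it is honoured, reading whatever the caller's stack holds
 * and, with %n, writing to memory. This is the shape of bug the advisory
 * describes; the exact crontab code path is not published here. */
int report_vulnerable(char *out, size_t outlen, const char *untrusted)
{
    return log_message(out, outlen, untrusted);
}

/* Fixed pattern: a constant format, untrusted text passed as a %s argument,
 * so it is copied literally no matter what it contains. */
int report_fixed(char *out, size_t outlen, const char *untrusted)
{
    return log_message(out, outlen, "%s", untrusted);
}

/* Defender-side check: count '%' conversion directives in a string that is
 * about to be used as a format. "%%" is a literal percent and is not
 * counted. A non-zero result for a value that originated outside the
 * program (a crontab line, a file name, an environment variable) is a
 * signal to reject or log the input rather than format with it. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* skip the escaped "%%" pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    /* Constructed input using only the well-defined "%%" directive, so the
     * difference between the two paths can be observed without undefined
     * behaviour. */
    const char *input = "100%% done";

    report_vulnerable(buf, sizeof buf, input);
    printf("vulnerable: %s\n", buf);   /* "100% done": the %% was interpreted */
    report_fixed(buf, sizeof buf, input);
    printf("fixed:      %s\n", buf);   /* "100%% done": copied literally */

    printf("directives in \"%%s %%x\": %d\n", count_format_directives("%s %x"));
    return 0;
}
```

        The vulnerable call compiles silently because log_message lacks a
        format attribute; marking such wrappers with GCC's
        __attribute__((format(printf, 3, 4))) and building with
        -Wformat -Wformat-security makes the compiler flag a non-literal
        format with no arguments at the call site, which is the cheapest
        way to find this class of defect before it ships.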

2. Vulnerable Supported Versions 

        System                  Binaries 
        ---------------------------------------------------------------------- 
        OpenServer 5.0.5        /etc/cron 
                                /usr/bin/at 
                                /usr/bin/crontab 
        OpenServer 5.0.6        /etc/cron 
                                /usr/bin/at 
                                /usr/bin/crontab 

3. Solution 

        The proper solution is to install the latest packages. 

4. OpenServer 5.0.5 

        4.1 Location of Fixed Binaries 

        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.35 

        4.2 Verification 

        MD5 (VOL.000.000) = 044edeae4a5db58a5a27078d70bf2060 

        md5 is available for download from 
                ftp://ftp.caldera.com/pub/security/tools 

        4.3 Installing Fixed Binaries 

        Upgrade the affected binaries with the following steps: 

        1) Download the VOL* files to the /tmp directory. 

        2) Run the custom command, specify an install from media images, 
           and specify the /tmp directory as the location of the images. 

5. OpenServer 5.0.6 

        5.1 Location of Fixed Binaries 

        ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.35 

        5.2 Verification 

        MD5 (VOL.000.000) = 044edeae4a5db58a5a27078d70bf2060 

        md5 is available for download from 
                ftp://ftp.caldera.com/pub/security/tools 

        5.3 Installing Fixed Binaries 

        Upgrade the affected binaries with the following steps: 

        1) Download the VOL* files to the /tmp directory. 

        2) Run the custom command, specify an install from media images, 
           and specify the /tmp directory as the location of the images. 

6. References 

        Specific references for this advisory: 
                Strategic Reconnaissance Team Security Advisory 
                        (SRT2002-06-04-1611) http://www.snosoft.com 

        Caldera security resources: 
                http://www.caldera.com/support/security/index.html 

        This security fix closes Caldera incidents sr864228, fz520964, 
        erg712045. 

7. Disclaimer 

        Caldera International, Inc. is not responsible for the 
        misuse of any of the information we provide on this website 
        and/or through our security advisories. Our advisories are 
        a service to our customers intended to promote secure 
        installation and use of Caldera products. 

8. Acknowledgements 

        KF (dotslash@snosoft.com) discovered and researched this 
        vulnerability. 

______________________________________________________________________________ 

-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1.0.6 (SCO_SV) 
Comment: For info see http://www.gnupg.org 

iEYEARECAAYFAj08fLcACgkQaqoBO7ipriEM3gCgq3UbH4vgx9kIi5RmRY5PIeO9 
bi0AoIv0a5cV61uPPGDz3weUTpwLaw/5 
=mel6 
-----END PGP SIGNATURE-----