What is Security Supplement p535239a, the sco_pmd security fix for OpenServer 5.0.7?

KEYWORDS: openserver 5.0.7 507 security supplement p535239a fz535239 SCOSA-2011.3 sco_pmd dos denial service vulnerability

RELEASE: SCO OpenServer Release 5.0.7

PROBLEM: What is Security Supplement p535239a, the sco_pmd security fix for OpenServer 5.0.7?

SOLUTION: The supplement fixes a potential DOS vulnerability of sco_pmd. What follows is the Security Advisory for this fix:

______________________________________________________________________________

                        SCO Security Advisory

Subject:                sco_pmd security fix for OpenServer 5.0.7
Advisory number:        SCOSA-2011.3
Issue date:             20th July 2011
Cross reference:        fz535239
______________________________________________________________________________


1. Problem Description

        Security Supplement p535239a, the sco_pmd security fix for
        OpenServer 5.0.7, addresses a potential denial of service
        vulnerability of sco_pmd.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenServer 5.0.7                Maintenance Pack 5


3. Solution

        The proper solution is to install the relevant package below.


4. OpenServer 5.0.7

        This patch should only be installed on OpenServer 5.0.7 systems
        with Maintenance Pack 5 installed.

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/507/security/p535239a_osr5/

        4.2 Verification

        # sum -r p535239a_vol.tar
        24679 128 p535239a_vol.tar

        MD5 (p535239a_vol.tar) = 13663b780dfe1a6ed33ad97ed9f8869f

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools

        # /usr/bin/shasum p535239a_vol.tar
        7c0f6f5a1e54fc883bb990486a0031911fca03e1 p535239a_vol.tar

        /usr/bin/shasum is part of the perl-5.8.8 extension package
        included in Maintenance Pack .

        Alternatively /usr/gnu/bin/sha1sum included in the GNU Utilities
        can be used:

        # /usr/gnu/bin/sha1sum p535239a_vol.tar
        7c0f6f5a1e54fc883bb990486a0031911fca03e1 p535239a_vol.tar

        4.3 Installation Instructions

        To install P535239A follow these steps:

        1.  Login as root

        2.  Create an empty directory, such as /tmp/p535239a, to which
            the patch will be downloaded.

        3.  Download the P535239A patch file p535239a_vol.tar to the
            directory created in step 2.

        4.  After the download is complete, change to the directory
            containing the p535239a_vol.tar file and run the following
            to extract the media image files:

                tar xvf p535239a_vol.tar

        5.  Run the Software Manager with the command:

                scoadmin software

            or double-click on the Software Manager icon in the desktop.

        6.  Pull down the "Software" menu and select "Install New".

        7.  When prompted for the host from which to install, choose
            the local machine and then "Continue".

        8.  In the "Select Media" menu, pull down the "Media Device"
            menu. Select "Media Images", then choose "Continue".

        9.  When prompted for the "Image Directory", enter
            "/tmp/p535239a" (or the directory where you placed the
            P535239A patch file p535239a_vol.tar in step 2) and
            choose "OK."

        10. When prompted to select software to install, make sure
            that the "P535239A" entry is highlighted. Choose "Install".
            Once installation is complete, select "OK".

        11. Installation of Escalation Supplement P535239A is now
            complete. To exit the Software Manager, select "Exit" from
            the "Host" menu.

        12. Once the installation has completed, you can remove or
            archive the P535239A patch file p535239a_vol.tar, the media
            image files, and the containing directory created in step 2.

        13. Reboot the system after installing this supplement.

        4.4 Removal Instructions

        Note: Patches must be rolled back in the reverse order in which
        they were installed on a per-component basis.

        1.  Log in as root.

        2.  Execute the command:

                scoadmin software

            or double-click on the Software Manager icon in the desktop.

        3.  Highlight the "P535239A" entry.

        4.  Pull down the "Software" menu and select "Remove Software".

        5.  Once the removal finishes, quit the Software Manager.

        6.  It is necessary to reboot your system after removal.


5. References

        SCO security resources:
                http://www.sco.com/support/download.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz535239.


6. Disclaimers

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        N/A