-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject: 	        buffer overflow in dosemu	
Advisory number: 	CSSA-1999:006.0
Issue date: 		1999 Feb 24
Cross reference: 	
______________________________________________________________________________


1. Problem Description

   The TERM and TERMINFO environmentables can be used to cause buffer 
   overflows in dosemu.

   General security problems with suid root 
   (from Erik Mouw J.A.K.Mouw@its.tudelft.nl):

   Note that any Dosemu version running suid root with DPMI enabled is
   inherently unsafe. A DPMI program in Dosemu is able to use Linux system
   calls, including system calls that require root privileges. The Dosemu Team
   is not able to fix this security hole; system administrators who are
   serious about security, should not install Dosemu suid-root. Dosemu can run
   non-suid on the Slangterminal, under X, in the background and even on
   serial lines (bbs'es for example).


2. Vulnerable Versions

   Systems: 	OpenLinux 1.0, 1.1, 1.2, 1.3.
   Packages: 	< dosemu-0.98.5-1.i386.rpm


3. Solutions

   The proper solution is to upgrade to the dosemu-0.98.5 package. 

   For security dosemu should not be installed with the SUID bit set on its
   binaries.


4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -q dosemu && rpm -U dosemu-0.98.5.i386.rpm


6. Verification

   The MD5 checksums (from the "md5sum" command) for these packages are:

   092455b8c1c863e486458d2d6681d8e5  RPMS/dosemu-0.98.5-1.i386.rpm
   f9d67120bfb3898ba88fd34ff114417c  SRPMS/dosemu-0.98.5-1.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   Additional documentation on this problem can be found in:
   http://geek-girl.com/bugtraq/1999_1/0040.html

   This security fix closes Caldera's internal Problem Report 4253.


8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOC/Ohun+9R4958LpAQH10QP/fT/hy+zv5hx2lV1cSuf3RYAMe54a8mhW
AIf7Kt8DAfToG5ItYRLl56J70wv4uMrisjH0NIRes8OJmIrFs/rwVvLnkHzJI4/e
p+8Hkyb1MckhSTIeZARtPTFOTLi8MxzpMF+DrqaX6g/OW2MkXRCuyp5xfchiQahO
kVgPkZAIrwE=
=fuIa
-----END PGP SIGNATURE-----