-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                    Caldera Systems, Inc. Security Advisory

Subject:            Security problem (setuid) with dump
Advisory number:    CSSA-2000-004.0
Issue date:         2000 March, 6
Cross reference:
______________________________________________________________________________

1. Problem Description

   OpenLinux contains a pair of utilities called dump and restore,
   intended to support backup and recovery of files. There is a buffer
   overflow in the way the dump command handles certain arguments.
   This bug can be exploited to obtain group tty privilege.

2. Vulnerable Versions

   System                      Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3       All packages previous to dump-0.4b4-8
   OpenLinux eServer 2.3       All packages previous to dump-0.4b4-8

3. Solution

   Workaround:

   If you do not use dump and restore, remove the RPM:

      rpm -e dump

   Alternatively, remove the setuid and setgid bits from these commands:

      chmod 555 /sbin/dump /sbin/restore

   The upgrade RPMs provided by Caldera do just this (i.e. they remove
   the s bits from both binaries).

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

      ftp://ftp.calderasystems.com/pub/openlinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

      ftp://ftp.calderaystems.com/pub/openlinux/updates/2.3/current/SRPMS

   4.2 Verification

      96136401e7edca0eb43a226ce5adea98  RPMS/dump-0.4b4-8.i386.rpm
      39210c6a3b91cff761e438026379e308  SRPMS/dump-0.4b4-8.src.rpm

   4.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -F dump-0.4b4-8.i386.rpm

5. OpenLinux eServer 2.3

   5.1 Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

      ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

      ftp://ftp.calderaystems.com/pub/eServer/updates/2.3/current/SRPMS

   5.2 Verification

      41e4fe9629bf461123e319f3e4c6abf3  RPMS/dump-0.4b4-8.i386.rpm
      7a8eb6e8254c40d7dcd7f9fe0b5a4890  SRPMS/dump-0.4b4-8.src.rpm

   5.3 Installing Fixed Packages

   Upgrade the affected packages with the following commands:

      rpm -F dump-0.4b4-8.i386.rpm

6. References

   This and other Caldera security resources are located at:

      http://www.calderasystems.com/support/security/index.html

7. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOMUWW+n+9R4958LpAQGJ9gP+MwUGZnGYM4AGEiWe5v+45U0+pJ7/i6gX
ONrOtvetLrKk93N77CaR+TqJtofQIAH0uitqA+UWc1OTmAFqXYMrVdHKjpOrbmSS
YsoltRdi1PmESIAMrK1WcnrumagfxZiN9OWL8ItA6zT4YbgQgpdaxiNRmmQARChf
GycHa6mQzl0=
=Knzp
-----END PGP SIGNATURE-----
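The advisory's workaround, verification and upgrade steps (sections 3 through 5) combine into one administrative check: confirm whether /sbin/dump and /sbin/restore still carry set-id bits, compare a downloaded update package against the MD5 sums the advisory lists, and only then freshen it with rpm -F. The script below is an added example for that procedure; it is not part of the Caldera advisory or of the dump package. It assumes a POSIX sh with the md5sum(1) utility from GNU coreutils, and the product and package names (desktop, eserver, dump-0.4b4-8.*.rpm) are taken from the advisory text; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Caldera advisory): audit the set-id bits on
# the dump/restore binaries and verify an update RPM against the advisory's
# MD5 sums before applying it with rpm -F.

# Returns 0 (true) if the file has the setuid or setgid bit set.
# Uses the POSIX test operators -u and -g, so no GNU stat/find is needed.
has_setid_bits() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Prints the MD5 sum the advisory lists for an update package, or returns 1
# if the product/package pair is not in the advisory. The values are copied
# from sections 4.2 (Desktop) and 5.2 (eServer).
advisory_md5() {
    # $1 = product (desktop|eserver), $2 = package file basename
    case "$1/$2" in
        desktop/dump-0.4b4-8.i386.rpm) echo 96136401e7edca0eb43a226ce5adea98 ;;
        desktop/dump-0.4b4-8.src.rpm)  echo 39210c6a3b91cff761e438026379e308 ;;
        eserver/dump-0.4b4-8.i386.rpm) echo 41e4fe9629bf461123e319f3e4c6abf3 ;;
        eserver/dump-0.4b4-8.src.rpm)  echo 7a8eb6e8254c40d7dcd7f9fe0b5a4890 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the MD5 hex digest of file $1 equals the expected sum $2.
# Assumes md5sum(1); only the digest column is compared, so the path under
# which the package was saved does not matter.
verify_md5() {
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Audit: report the set-id state of both binaries named in the advisory.
# A binary that still has an s bit has neither the workaround (chmod 555)
# nor the fixed package applied.
audit_dump_bits() {
    for f in /sbin/dump /sbin/restore; do
        if [ ! -e "$f" ]; then
            echo "$f: not installed"
        elif has_setid_bits "$f"; then
            echo "$f: still has setuid/setgid bits, workaround or update not applied"
        else
            echo "$f: no set-id bits"
        fi
    done
}

# Verify a downloaded package against the advisory's checksum and, only if
# it matches, freshen it with rpm -F as sections 4.3/5.3 instruct.
# $1 = desktop|eserver, $2 = path to the downloaded RPM.
apply_update() {
    expected=$(advisory_md5 "$1" "$(basename "$2")") || {
        echo "no advisory checksum for $2" >&2
        return 1
    }
    if verify_md5 "$2" "$expected"; then
        rpm -F "$2"
    else
        echo "checksum mismatch for $2, refusing to install" >&2
        return 1
    fi
}

# Usage (as root on an affected system):
#   audit_dump_bits
#   apply_update desktop /tmp/dump-0.4b4-8.i386.rpm
```

The checksum lookup is keyed on product as well as file name because the Desktop and eServer builds share the package name dump-0.4b4-8 but have different sums; a mismatch against the wrong product's sum is reported rather than installed.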