-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: apcupsd remote root vulnerability and buffer overflows
Advisory number: 	CSSA-2003-015.0
Issue date: 		2003 March 25
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the CVE candidate desciptions:

	A vulnerability in apcupsd allows remote attackers to gain
	root privileges, possibly via format strings in a request to a
	slave server.

	Multiple buffer overflows in apcupsd may allow attackers to
	cause a denial of service or execute arbitrary code, related
	to usage of the vsprintf function.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm

	OpenLinux 3.1 Server		prior to apcupsd-3.8.6-1.i386.rpm
					prior to apcupsd-cgi-3.8.6-1.i386.rpm
					prior to apcupsd-powerflute-3.8.6-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/RPMS

	4.2 Packages

	a2c0d41800f62383c65f77858f0c3898	apcupsd-3.8.6-1.i386.rpm
	13800369e6a5712eb02f00514e05eaf0	apcupsd-cgi-3.8.6-1.i386.rpm
	c6744b9f001474a9bb1dd9f59d3edbcd	apcupsd-powerflute-3.8.6-1.i386.rpm

	4.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-015.0/SRPMS

	4.5 Source Packages

	2efb5f90e0c02ffc08340308d29bc1bf	apcupsd-3.8.6-1.src.rpm


5. OpenLinux 3.1 Server

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/RPMS

	5.2 Packages

	2c04bd609f4b1949c56556719928ff50	apcupsd-3.8.6-1.i386.rpm
	048ad400cb7c9a80ba16798ecde20c4a	apcupsd-cgi-3.8.6-1.i386.rpm
	d8de392566a69a95f5e230af51918839	apcupsd-powerflute-3.8.6-1.i386.rpm

	5.3 Installation

	rpm -Fvh apcupsd-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-cgi-3.8.6-1.i386.rpm
	rpm -Fvh apcupsd-powerflute-3.8.6-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-015.0/SRPMS

	5.5 Source Packages

	1d6fcff1a24702cc60ec0779a6512e0a	apcupsd-3.8.6-1.src.rpm


6. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0098
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0099

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876044, fz527560,
	erg712268.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	Highspeed Junkie (http://hsj.shadowpenguin.org/) discovered
	and researched the slave server vulnerability.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6A030ACgkQbluZssSXDTETPACfekFtPeGGqi7+6XzbUgljNDzh
88MAoNOLBNVjyGSHHxTAh6ajyE+2/nrH
=Jwig
-----END PGP SIGNATURE-----