-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.17: Permission problem in libtermcap

Advisory issue date: 24-July-1998

Topic: Permission problem in libtermcap

I. Problem Description

libtermcap failed to reset uid/gid prior to accessing the termcap file when that file was provided through the TERMCAP environment variable. This only affects setuid/setgid applications linked against libtermcap.

II. Impact

Description: It is difficult to see how this security hole could be exploited.

Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using libtermcap packages prior to libtermcap-2.0.8-5.

III. Solution

Correction: The proper solution is to upgrade to the libtermcap-2.0.8-5 packages.

They can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

The corresponding source code can be found at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

    1c6a815a5ece7fabdf97366e4dd45fdb  RPMS/libtermcap-2.0.8-5.i386.rpm
    da32e06986438d29728005608b75f8c9  RPMS/libtermcap-devel-2.0.8-5.i386.rpm
    51cc1d9330e3af94d4ae0b82d59ce477  RPMS/libtermcap-devel-static-2.0.8-5.i386.rpm
    44ad218d299992a6883b09f6327f387d  SRPMS/libtermcap-2.0.8-5.src.rpm

Upgrade with the following commands:

    rpm -q libtermcap && rpm -U libtermcap-2.0.8-5.i386.rpm
    rpm -q libtermcap-devel && rpm -U libtermcap-devel-2.0.8-5.i386.rpm
    rpm -q libtermcap-devel-static && rpm -U libtermcap-devel-static-2.0.8-5.i386.rpm

IV. References

This and other Caldera security resources are located at:

    http://www.caldera.com/news/security/index.html

This security fix closes Caldera's internal Problem Report 4042.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.
This key can be obtained from:

    ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:

    /OpenLinux/pgp-keys/

$Id: SA-1998.17.txt,v 1.3 1998/07/24 13:02:14 rf Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiF1en+9R4958LpAQEWpAP5ASEb7nU7WtbrnfKy39p3C7YX/ldhVvoJ
J0k1qpQ4yu0duAiE8K71Bhy9/oRI6H/ttJbM0vGBzRieENpKujNiM3SNb0XkRUd4
2/IOpTWebQ5Dl29ccVU6DoaXQLmPUy8d28fNtM2WSxui4xGOKRrgGKs+0AGWS9MN
H/LCTqSN6wc=
=S1Fl
-----END PGP SIGNATURE-----
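
The class of fix that section I calls for, as an added example (not Caldera's patch and not libtermcap's own code): a library routine switches the effective uid/gid to the real ones before opening a file named by an environment variable, then restores them. The function name open_env_file_as_real_user is hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* seteuid, setegid, O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not libtermcap's API): open the file named by an
 * environment variable using the caller's real uid/gid, so a setuid/setgid
 * program cannot be made to read a file the invoking user could not.
 * Returns a read-only fd, or -1. Effective ids are restored on return. */
int open_env_file_as_real_user(const char *envname)
{
    const char *path = getenv(envname);
    /* TERMCAP names a file only when it starts with '/'; otherwise it
     * holds the entry text itself and there is nothing to open. */
    if (path == NULL || path[0] != '/')
        return -1;

    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();

    /* Drop the group first: after euid is lowered, setegid may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        if (setegid(saved_egid) != 0)
            abort();
        return -1;
    }

    /* The kernel now checks access against the invoking user's ids. */
    int fd = open(path, O_RDONLY | O_NOCTTY | O_CLOEXEC);

    /* Restore in reverse order; continuing with unknown ids is unsafe. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    return fd;
}

int main(void)
{
    int fd = open_env_file_as_real_user("TERMCAP");
    printf("TERMCAP file descriptor: %d\n", fd);
    if (fd >= 0)
        close(fd);
    return 0;
}
```

In a setuid or setgid program the saved set-user-ID and set-group-ID are what allow seteuid() and setegid() to switch back after the open.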