___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: /bin/login and /etc/getty argument buffer overflow
Advisory number: 	CSSA-2001-SCO.40
Issue date: 		2001 December 14
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	A remotely exploitable buffer overflow exists in /bin/login
	and /etc/getty. Attackers can exploit this vulnerability to
	gain root access to the server.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/bin/login
						/etc/getty


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/

	erg711877.506.tar.Z is the patch for SCO OpenServer Release
	5.0.6, with or without Release Supplement 5.0.6a (rs506a).
	Note that other security issues are corrected by rs506a; we
	strongly recommend installing it on all 5.0.6 systems.

	erg711877.505.tar.Z is the patch for SCO OpenServer Release
	5.0.5 and earlier.  Although it should work with all releases
	5.0.0 through 5.0.5, it has not yet been tested on every
	release.


  4.2 Verification

	md5 checksums:

	e1748ebb4710796620c15017e52eecc0	erg711877.505.tar.Z
	627a41d22040872f967cb5387c7e629c	erg711877.506.tar.Z


	md5 is available for download from

		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	For 5.0.6 and 5.0.6a:

		Download erg711877.506.tar.Z to the /tmp directory
	
		# mv /bin/login /bin/login-
		# mv /etc/getty /etc/getty-
		# chmod 0 /bin/login- /etc/getty-
		# uncompress erg711877.506.tar.Z
		# cd /
		# tar xvf /tmp/erg711877.506.tar

	For pre-5.0.6:

		Download erg711877.505.tar.Z to the /tmp directory
	
		# mv /bin/login /bin/login-
		# mv /etc/getty /etc/getty-
		# chmod 0 /bin/login- /etc/getty-
		# uncompress erg711877.505.tar.Z
		# cd /
		# tar xvf /tmp/erg711877.505.tar


5. References

	http://www.cert.org/advisories/CA-2001-34.html
	http://www.kb.cert.org/vuls/id/569272
	http://xforce.iss.net/alerts/advise105.php

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr854610, SCO-559-1318, erg711877.


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	This vulnerability was discovered and researched by Mark Dowd
	of the ISS X-Force.

	 
___________________________________________________________________________