___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: OpenSSH channel code vulnerability
Advisory number: 	CSSA-2002-SCO.10
Issue date: 		2002 March 12
Cross reference:
___________________________________________________________________________


0. Revision History

	2002 March 20
	
	This package requires the zlib  and PRNGD libraries to install
	and  run properly.  Section 4.3  is  updated  below to include
	these packages.
	

1. Problem Description

	A  bug exists in the  channel code  of  OpenSSH  versions  2.0
	though 3.0.2.

	Existing users can use this bug  to gain root privileges.  The
	ability to exploit this vulnerability without an existing user
	account  has  not  yet  been  proven,  but  it  is  considered
	possible.  A  malicious ssh server could also  use this bug to
	exploit a connecting vulnerable client.
						

2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	all ssh distribution files


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/


  4.2 Verification

	MD5 (openssh-3.1p1-VOLS.tar) = 8e99c00aa99c12b48cc4fcc4578c9923

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download openssh-3.1p1-VOLS.tar to the /tmp directory

	# cd /tmp
	# tar xvf openssh-3.1p1-VOLS.tar

	Run the custom  command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


	NOTE:

	The zlib  and  PRNGD  packages are required  to  be  installed
	before  OpenSSH  will work. These packages  can  be downloaded
	from:

	ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/zlib-1.1.4-VOLS.tar
	ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/prngd-0.9.23-VOLS.tar

	They should  be  installed using  the  same  procedure  as the
	OpenSSH package.


5. References

	http://www.pine.nl/advisories/pine-cert-20020301.txt

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr861336, fz520315, erg711984.


6. Disclaimer

	Caldera International, Inc. is not  responsible for the misuse
	of  any of  the  information we provide on  our website and/or
	through our  security advisories. Our advisories are a service
	to  our customers  intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Joost  Pol  <joost@pine.nl>  discovered  and  researched  this
	vulnerability.

___________________________________________________________________________